Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10319

"stime" parameter for charts.php is not validated and can make Web server consume 100% CPU

XMLWordPrintable

      Suppose we usually go into "Monitoring" -> "Graphs" using the following link:

      http://localhost/zabbix/charts.php?graphid=525&period=3600&stime=20160127113255

      The last "stime" parameter looks like an encoded date and time together in a validatable format. However, it is not validated. For instance, if we modify the parameter like so, the Web server will hang using 100% CPU:

      http://localhost/zabbix/charts.php?graphid=525&period=3600&stime=20000000160127113255

        1. broken-graph-1.png
          broken-graph-1.png
          4 kB
        2. broken-graph-2.png
          broken-graph-2.png
          6 kB

            Unassigned Unassigned
            asaveljevs Aleksandrs Saveljevs
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: