Defect (Security)
Resolution: Cannot Reproduce
Major
None
2.0.9
None
Centos 6.4
Not sure if I could club this with another issue, so I am opening a new one for this. This seems like a vulnerability in the latest code as well, as far as I could investigate.
Nessus reports the following error with Zabbix 2.0.9.
Using the GET HTTP method, Nessus found that :
+ The following resources may be vulnerable to arbitrary command execution (time based) :
+ The 'lang' parameter of the /zabbix/jsLoader.php CGI :
/zabbix/jsLoader.php?showGuiMessaging=0&ver=2.0.9&lang=en_gb%7C%7C%20sle
ep%2021%20%26
-------- output --------
if (typeof(locale) == "undefined") { var locale = {}; }
locale['S_MAX_COOKIE_SIZE_REACHED'] = 'We are sorry, the maximum p [...]
- (c) 2005-2009 Sam Stephenson
* - Prototype is freely distributable under the terms of an MIT-sty [...]
- For details, see the Prototype web site: http://www.prototypejs.org/
*-
- [...]
var Prototype = {
[...]
------------------------
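
When triaging a finding like the one above, it helps to pull the scanner's probes out of the web server access log and line them up with the scan window. The following is an added example, not part of the original report or of Zabbix; it assumes a combined-format access log and that legitimate `lang` values look like the `en_gb` in the report, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values have the shape of the "en_gb" seen in the report.
LOCALE_RE = re.compile(r"[A-Za-z]{2}(_[A-Za-z]{2})?")
# Client IP and request target from a combined-format access log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_lang_requests(lines, path_suffix="/jsLoader.php"):
    """Return (ip, decoded lang value) for requests whose 'lang' is not a plain locale."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith(path_suffix):
            continue  # only the resource named in the finding
        # parse_qs percent-decodes values; keep_blank_values so "lang=" is inspected too.
        for value in parse_qs(url.query, keep_blank_values=True).get("lang", []):
            if not LOCALE_RE.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (documentation IP ranges); the second carries the
# query string quoted in the Nessus output above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2013:10:00:00 +0000] '
    '"GET /zabbix/jsLoader.php?ver=2.0.9&lang=en_gb HTTP/1.1" 200 51234',
    '198.51.100.7 - - [01/Nov/2013:10:00:05 +0000] '
    '"GET /zabbix/jsLoader.php?showGuiMessaging=0&ver=2.0.9'
    '&lang=en_gb%7C%7C%20sleep%2021%20%26 HTTP/1.1" 200 51234',
    '192.0.2.10 - - [01/Nov/2013:10:00:09 +0000] '
    '"GET /zabbix/dashboard.php?lang=xx%7C HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in suspicious_lang_requests(SAMPLE_LOG):
        print(f"{ip}\tlang={value!r}")
```
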