Search criteria
4 vulnerabilities by mmonit
CVE-2019-11454 (GCVE-0-2019-11454)
Vulnerability from cvelistv5 – Published: 2019-04-22 15:05 – Updated: 2024-08-04 22:55
VLAI?
Summary
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py"
},
{
"name": "[debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html"
},
{
"name": "USN-3971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3971-1/"
},
{
"name": "FEDORA-2020-9c19202d55",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/"
},
{
"name": "FEDORA-2020-f70cd7c24b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/"
},
{
"name": "[debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T21:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py"
},
{
"name": "[debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html"
},
{
"name": "USN-3971-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3971-1/"
},
{
"name": "FEDORA-2020-9c19202d55",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/"
},
{
"name": "FEDORA-2020-f70cd7c24b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/"
},
{
"name": "[debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c",
"refsource": "MISC",
"url": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c"
},
{
"name": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3",
"refsource": "MISC",
"url": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3"
},
{
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py",
"refsource": "MISC",
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py"
},
{
"name": "[debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html"
},
{
"name": "USN-3971-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3971-1/"
},
{
"name": "FEDORA-2020-9c19202d55",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/"
},
{
"name": "FEDORA-2020-f70cd7c24b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/"
},
{
"name": "[debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11454",
"datePublished": "2019-04-22T15:05:51",
"dateReserved": "2019-04-22T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7067 (GCVE-0-2016-7067)
Vulnerability from cvelistv5 – Published: 2018-09-10 14:00 – Updated: 2024-08-06 01:50
VLAI?
Summary
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tildeslash Ltd. | monit |
Affected:
5.20.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93953",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93953"
},
{
"name": "[oss-security] 20161027 CVE-2016-7067 - CSRF in Monit Service Manager",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2016/q4/267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "monit",
"vendor": "Tildeslash Ltd.",
"versions": [
{
"status": "affected",
"version": "5.20.0"
}
]
}
],
"datePublic": "2016-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93953",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93953"
},
{
"name": "[oss-security] 20161027 CVE-2016-7067 - CSRF in Monit Service Manager",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://seclists.org/oss-sec/2016/q4/267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "monit",
"version": {
"version_data": [
{
"version_value": "5.20.0"
}
]
}
}
]
},
"vendor_name": "Tildeslash Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "5.8/AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93953"
},
{
"name": "[oss-security] 20161027 CVE-2016-7067 - CSRF in Monit Service Manager",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2016/q4/267"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067"
},
{
"name": "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7067",
"datePublished": "2018-09-10T14:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6409 (GCVE-0-2014-6409)
Vulnerability from cvelistv5 – Published: 2014-10-06 23:00 – Updated: 2024-08-06 12:17
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:22.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mmonit-cve20146409-csrf(96122)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122"
},
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mmonit-cve20146409-csrf(96122)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122"
},
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mmonit-cve20146409-csrf(96122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122"
},
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"name": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6409",
"datePublished": "2014-10-06T23:00:00",
"dateReserved": "2014-09-15T00:00:00",
"dateUpdated": "2024-08-06T12:17:22.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6607 (GCVE-0-2014-6607)
Vulnerability from cvelistv5 – Published: 2014-10-06 23:00 – Updated: 2024-08-06 12:24
VLAI?
Summary
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:24:34.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-06T22:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"name": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6607",
"datePublished": "2014-10-06T23:00:00",
"dateReserved": "2014-09-18T00:00:00",
"dateUpdated": "2024-08-06T12:24:34.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}