Sign-up

ID

VAR-201008-0180


CVE

CVE-2010-2790


TITLE

Zabbix of formatQuery Function vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-001957

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Zabbix is a CS network distributed network monitoring system. ZABBIX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ZABBIX version 1.8.2 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Zabbix PHP Frontend "formatQuery()" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40679 RELEASE DATE: 2010-07-28 DISCUSS ADVISORY: http://secunia.com/advisories/40679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zabbix, which can be exploited by malicious people to conduct cross-site scripting attacks. Various input is not properly sanitised by the "formatQuery()" function of the "Curl" class in frontends/php/include/classes/class.curl.php before being returned to the user. SOLUTION: Fixed in version 1.8.3-rc1. PROVIDED AND/OR DISCOVERED BY: Reported as a normal bug by alixen. Later independently reported as cross-site scripting vulnerabilities in frontends/php/tr_status.php by Vupen. ORIGINAL ADVISORY: Zabbix: http://www.zabbix.com/forum/showthread.php?p=68770 https://support.zabbix.com/browse/ZBX-2326 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2010-2790 // JVNDB: JVNDB-2010-001957 // CNVD: CNVD-2010-1470 // BID: 42017 // PACKETSTORM: 92257

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1470

AFFECTED PRODUCTS

vendor:zabbixmodel:zabbixscope:eqversion:1.6.1

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.5.2

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.6.2

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.6

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.6.4

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.5.1

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.6.9

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.5

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.6.5

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.5.4

Trust: 1.6

vendor:zabbixmodel:zabbixscope:eqversion:1.3.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.7.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.8

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.4.5

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.4

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.2

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.1

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.5.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.7.4

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.4.2

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.5

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.2

Trust: 1.0

vendor:zabbixmodel:zabbixscope:lteversion:1.8.2

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.1

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.4.6

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.5

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.7.1

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.6.8

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.4

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.7

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.8.1

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.7

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.6.7

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.4.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3.6

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.1.6

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.7

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.6.3

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.6.6

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.8

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.4.4

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.7.2

Trust: 1.0

vendor:zabbixmodel:zabbixscope:eqversion:1.8.2

Trust: 0.9

vendor:zabbixmodel:zabbixscope:ltversion:1.8.3rc1

Trust: 0.8

sources: CNVD: CNVD-2010-1470 // BID: 42017 // JVNDB: JVNDB-2010-001957 // CNNVD: CNNVD-201008-024 // NVD: CVE-2010-2790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2790
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-2790
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201008-024
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2010-2790
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-001957 // CNNVD: CNNVD-201008-024 // NVD: CVE-2010-2790

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2010-001957 // NVD: CVE-2010-2790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-024

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 92257 // CNNVD: CNNVD-201008-024

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001957

PATCH
title:rn1.8.3url:http://www.zabbix.com/rn1.8.3.php
Trust: 0.8
title:Zabbix 1.8.3rc1 releasedurl:http://www.zabbix.com/forum/showthread.php?p=68770
Trust: 0.8
title:ZBX-2326url:https://support.zabbix.com/browse/ZBX-2326
Trust: 0.8
title:Patch for ZABBIX 'formatQuery()' cross-site scripting vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/724
Trust: 0.6
title:zabbix-1.8.3url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39955
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-1470 // 
            
            
            
            JVNDB: JVNDB-2010-001957 // 
            
            
            
            CNNVD: CNNVD-201008-024

EXTERNAL IDS
db:BIDid:42017
Trust: 3.3
db:SECUNIAid:40679
Trust: 3.1
db:NVDid:CVE-2010-2790
Trust: 2.7
db:VUPENid:ADV-2010-1908
Trust: 2.4
db:XFid:60772
Trust: 0.8
db:JVNDBid:JVNDB-2010-001957
Trust: 0.8
db:CNVDid:CNVD-2010-1470
Trust: 0.6
db:CNNVDid:CNNVD-201008-024
Trust: 0.6
db:PACKETSTORMid:92257
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-1470 // 
            
            
            
            BID: 42017 // 
            
            
            
            JVNDB: JVNDB-2010-001957 // 
            
            
            
            PACKETSTORM: 92257 // 
            
            
            
            CNNVD: CNNVD-201008-024 // 
            
            
            
            NVD: CVE-2010-2790

REFERENCES
url:http://secunia.com/advisories/40679
Trust: 2.4
url:http://www.securityfocus.com/bid/42017
Trust: 2.4
url:http://www.vupen.com/english/advisories/2010/1908
Trust: 2.4
url:https://support.zabbix.com/browse/zbx-2326
Trust: 2.0
url:http://www.zabbix.com/forum/showthread.php?p=68770
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/60772
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2790
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/60772
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2790
Trust: 0.8
url:http://secunia.com/advisories/40679/
Trust: 0.7
url:http://www.zabbix.org
Trust: 0.3
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/40679/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40679
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-1470 // 
            
            
            
            BID: 42017 // 
            
            
            
            JVNDB: JVNDB-2010-001957 // 
            
            
            
            PACKETSTORM: 92257 // 
            
            
            
            CNNVD: CNNVD-201008-024 // 
            
            
            
            NVD: CVE-2010-2790

CREDITS
Alixen
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201008-024

SOURCES
db:CNVDid:CNVD-2010-1470
db:BIDid:42017
db:JVNDBid:JVNDB-2010-001957
db:PACKETSTORMid:92257
db:CNNVDid:CNNVD-201008-024
db:NVDid:CVE-2010-2790

LAST UPDATE DATE
2024-08-14T14:47:10.989000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-1470date:2010-07-28T00:00:00
db:BIDid:42017date:2015-04-13T21:48:00
db:JVNDBid:JVNDB-2010-001957date:2010-09-07T00:00:00
db:CNNVDid:CNNVD-201008-024date:2023-04-26T00:00:00
db:NVDid:CVE-2010-2790date:2023-11-07T02:05:43.647

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-1470date:2010-07-28T00:00:00
db:BIDid:42017date:2010-07-28T00:00:00
db:JVNDBid:JVNDB-2010-001957date:2010-09-07T00:00:00
db:PACKETSTORMid:92257date:2010-07-28T14:42:01
db:CNNVDid:CNNVD-201008-024date:2010-07-28T00:00:00
db:NVDid:CVE-2010-2790date:2010-08-05T13:23:09.680