Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-2826

Опубликовано: 09 апр. 2018
Источник: nvd
CVSS3: 3.7
CVSS2: 4.3
EPSS Низкий

Описание

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zabbix:zabbix:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.1:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.1:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.2:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.3:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.5:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.6:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.7:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.8:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:2.4.9:rc1:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.00262
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2017-2826

CVSS3: 3.7
ubuntu
почти 8 лет назад

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

debian логотип

CVE-2017-2826

CVSS3: 3.7
debian
почти 8 лет назад

An information disclosure vulnerability exists in the iConfig proxy re ...

github логотип

GHSA-gxx4-vhw8-8h73

CVSS3: 3.7
github
больше 3 лет назад

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

EPSS

Процентиль: 49%
0.00262
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200