Centreon Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in Centreon :#- stored cross-site scripting. A remote attacker can exploit it in order to execute arbitrary Javascript or HTML code. This vulnerability stems from the non-sanitation of "img_comment" parameter#- command injection. A remote attacker could exploit it in order to inject and execute arbitrary commands. This vulnerability stems from the improper sanitation of "persistant" parameter#- unrestricted file upload vulnerability. A remote attacker could exploit by uploading a malicious PHP script file that will be stored in the "/img/media/" directory it in order to execute arbitrary PHP code#- cross-site request forgery. A remote attacker could perform certain operations with the privileges of their victim by inciting them into opening a malicious link.##Proofs of concept are available.)
     
Vulnerable Products   Vulnerable Software:
Centreon (Merethis) - 2.0, 2.0-b2, 2.0-b3, 2.0-b4, 2.0-b5, ..., 2.5.4, 2.6.0, 2.6.2, 2.6.3, 2.6.4
     
Solution   The 2.6.5 version of Centreon fixes the cross-site scripting and the cross-site request forgery vulnerabilities.
     
CVE  
     
References   - Centreon Documentation : Centreon 2.6.2
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.6.2.html
- 0day.today : Centreon 2.6.1 - Multiple Vulnerabilities
http://0day.today/exploit/24302
- Centreon Documentation : Centreon 2.6.5
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.6.5.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
Upload of a PHP file in a vulnerable web application
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
Centreon remote code execution
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-09-27 

 Target Type 
Server 

 Possible exploit 
Remote