VU#449452
Columns: CVE ID | Zenoss Bug ID | Summary | Impact Description | Vendor Status
CVE ID, Zenoss Bug ID, Summary and Impact Description provided by Matasano Security; Vendor Status provided by Zenoss.

Issue 1
CVE ID: CVE-2014-6253
Zenoss Bug ID: ZEN-12653
Summary: Systemic Cross Site Request Forgery
Impact Description: An attacker could use a cross-site request forgery to force a user to perform actions without their knowledge. If an attacker were able to coerce a user to visit a malicious page, the attacker could embed malicious content that automatically performs a POST or GET request on behalf of the authenticated user, performing an arbitrary action. Furthermore, if the site contains multiple cross-site scripting vulnerabilities, an attacker could use these vulnerabilities to force a user to perform an action simply by passively viewing content on the control center site.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-12653. It has been assigned priority 3 for our next maintenance release on the Zenoss 5 line.

Issue 2
CVE ID: CVE-2014-6254
Zenoss Bug ID: ZEN-15381
Summary: Systemic Stored Cross-Site Scripting in Zenoss Attributes
Impact Description: Attackers can cause authenticated users of the application to perform actions on behalf of the attacker, and to send data from the application to the attacker. In pages that display device names and details, report names or details, portlet names, and other information from Zenoss, data from the browser is integrated into pages without validation or encoding. This allows attackers to create links and form submissions that result in code of the attacker's choosing being integrated into the resulting pages. If an attacker can convince another user to click their link, or view any web page on the internet that the attacker can partially control, the user's browser will execute the attacker's JavaScript in the context of the target site.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15381. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 3
CVE ID: CVE-2014-9245
Zenoss Bug ID: ZEN-15382
Summary: Stack Trace Contains Internal URLs and Other Sensitive Information
Impact Description: Attempting to rename a product to a name containing special characters fails, and an error page containing a stack trace is returned. An attacker may be able to use this information to plan further attacks, or in a social engineering attack.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15382. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 4
CVE ID: CVE-2014-6255
Zenoss Bug ID: ZEN-11998
Summary: Open Redirect in Login Form
Impact Description: An open redirect is an endpoint in the application which accepts a GET request with an arbitrary URL embedded in the path or query string, and issues an HTTP redirect to the specified URL. This allows attackers to craft a link which appears to lead to the application, but results in a page controlled by the attacker. The login form accepts an arbitrary URL in the `came_from` query parameter, and redirects the user to this URL after a successful login.
Vendor Status: CLOSED: We are internally tracking this as ZEN-11998. It has been resolved in Zenoss 4.2.5 SP161.

Issue 5
CVE ID: CVE-2014-6261
Zenoss Bug ID: ZEN-12657
Summary: Remote Code Execution via Version Check
Impact Description: An attacker who is able to get a victim to visit an attacker-controlled website while logged in to the Zenoss interface can execute arbitrary code on the Zenoss installation. Additionally, an attacker who is able to perform a man-in-the-middle attack between the Zenoss installation and Zenoss' corporate "callhome" server (or who controls the "callhome" server) can execute arbitrary code on the Zenoss installation.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-12657. It has been assigned priority 3 for our next maintenance release on the Zenoss 5 line.

Issue 6
CVE ID: CVE-2014-6256
Zenoss Bug ID: ZEN-15386
Summary: Authorization Bypass Allows Moving Arbitrary Files
Impact Description: An attacker may be able to move files containing sensitive data to a publicly accessible directory, or place files containing attacker-controlled content into a location where they will be executed.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15386. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 7
CVE ID: CVE-2014-9246
Zenoss Bug ID: ZEN-15388
Summary: Cross-Site Request Forgery Leads to ZenPack Installation
Impact Description: The Zenoss user interface allows qualified users to upload ZenPacks, which will then be unpacked and installed. These ZenPacks will be loaded by Zenoss after it is restarted. Because there is no cross-site request forgery protection, an attacker may exploit this ability to run code on the Zenoss server when it is restarted.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15388. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 8
CVE ID: CVE-2014-9246
Zenoss Bug ID: ZEN-12691
Summary: Sessions Do Not Expire
Impact Description: An attacker on a shared computer setup (such as a library or kiosk) could visit the Zenoss dashboard, write down the associated session ID cookie, and enter it on their computer as well. When a user logs in to Zenoss, the attacker will then be logged in as the user.
Vendor Status: CLOSED: We are internally tracking this as ZEN-12691. It has been resolved in the latest Zenoss 4.2.5 SP.

Issue 9
CVE ID: CVE-2014-9247
Zenoss Bug ID: ZEN-15389
Summary: User Enumeration via User Manager
Impact Description: Even as an unprivileged user, the ZenUsers page lists the users in the system, their email addresses, and their roles.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15389. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 10
CVE ID: CVE-2014-9248
Zenoss Bug ID: ZEN-15406
Summary: No Password Complexity Requirements
Impact Description: A user may choose a bad password that makes it easy for an attacker to guess their password and log in to their account. The application does not enforce any password complexity requirements.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15406. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 11
CVE ID: CVE-2014-6257
Zenoss Bug ID: ZEN-15407
Summary: Systemic Authorization Bypasses
Impact Description: An attacker may be able to trigger actions that were not intended to be triggered, or may be able to trigger actions that would normally require more permissions than their account has. The Zope platform on which Zenoss runs maps URLs to a tree of objects, with the final path component as a method call on the specified object. Methods can be protected with the `ZEN_CHANGE_SETTINGS` permission; however, the default state for object methods is to be accessible. Many helper methods not intended to be directly invoked as web endpoints are not protected, and can be invoked by any user who has access to view the underlying object.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15407. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 12
CVE ID: CVE-2014-9249
Zenoss Bug ID: ZEN-15408
Summary: Exposed Services in Default Configuration
Impact Description: An attacker may be able to read or modify system information from any of the available databases, use write access to one of the servers to inject information that may exploit the trusted position of those databases in Zenoss, or exploit a vulnerability in any of the other pieces of software. This is due to unnecessarily exposed open ports.
Vendor Status: CLOSED: We are internally tracking this as ZEN-15408. We will not be addressing this in the Zenoss 4 line, and it has been resolved in the Zenoss 5 line.

Issue 13
CVE ID: CVE-2014-9250
Zenoss Bug ID: ZEN-10148
Summary: Cookie Authentication is Insecure
Impact Description: An attacker able to retrieve the authentication cookie (which does not have the HttpOnly flag set) would be able to determine the user's username and password.
Vendor Status: CLOSED: We are internally tracking this as ZEN-10148. We are not planning a product change for this issue. We recommend that users wanting to use cookie-based authentication configure their Zenoss installation to operate over SSL/HTTPS.

Issue 14
CVE ID: CVE-2014-6254
Zenoss Bug ID: ZEN-15410
Summary: Cross Site Scripting from Exposed Helper Methods
Impact Description: Many "helper" methods on internal objects are exposed to direct invocation via HTTP requests. Various methods which perform string manipulations can be used to perform both stored and reflected cross-site scripting (XSS) attacks. (Additionally, see Issue 11.)
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15410. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 15
CVE ID: CVE-2014-6258
Zenoss Bug ID: ZEN-15411
Summary: Denial of Service from User-Supplied Regular Expression
Impact Description: A publicly accessible endpoint on the server allows a client to specify a regex and a string to match it against. An attacker can craft a match which requires exponential time to complete, preventing the server from responding to other requests.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15411. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 16
CVE ID: CVE-2014-6260
Zenoss Bug ID: ZEN-15412
Summary: Page Command can be Edited Without Password Re-Entry
Impact Description: An attacker who is able to gain access to an administrator's session (either via an unlocked computer or other means of attack) would be able to change the pager command, leading to users not receiving pages, or to arbitrary command execution. The command used to send a page to users can be edited by users with sufficient permission, without re-entering their password. Where commands are entered elsewhere in the system, editing a command requires a user's password, to prevent an attacker from using a logged-in session of an administrator to change commands.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15412. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 17
CVE ID: CVE-2014-9251
Zenoss Bug ID: ZEN-15413
Summary: Weak Password Hashing Algorithm
Impact Description: An attacker who is able to get a copy of the Zenoss database may be able to brute-force passwords.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15413. It has been assigned priority 3 for our next maintenance release on the Zenoss 5 line.

Issue 18
CVE ID: CVE-2014-6259
Zenoss Bug ID: ZEN-15414
Summary: Denial of Service via XML Recursive Entity Expansion ("Billion Laughs")
Impact Description: An attacker can cause the server to consume arbitrarily large amounts of memory and CPU resources, causing a denial of service.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15414. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.

Issue 19
CVE ID: CVE-2014-6262
Zenoss Bug ID: ZEN-15415
Summary: Denial of Service via RRDtool Format String Vulnerability
Impact Description: The Zenoss user interface may be unavailable if an ongoing attack using these vulnerabilities is being executed. If the CVE-2013-2131 vulnerability is exploited, remote code execution may result. A pair of format string vulnerabilities in RRDtool may lead to unwanted behavior. A denial of service attack is confirmed, but more sophisticated attacks could potentially lead to code execution.
Vendor Status: CLOSED: We are internally tracking this as ZEN-15415. We will not be addressing this in the Zenoss 4 line, and it has been resolved in the Zenoss 5 line.

Issue 20
CVE ID: CVE-2014-9252
Zenoss Bug ID: ZEN-15416
Summary: Plaintext Password Stored in Session on Server
Impact Description: An attacker who is able to gain access to the session database can obtain plaintext copies of user passwords. The attacker may then use those passwords to authenticate to Zenoss, or to attempt attacks on other services where credential reuse is a possibility.
Vendor Status: BACKLOG: We are internally tracking this as ZEN-15416. It has been assigned priority 2 for our next maintenance release on the Zenoss 5 line.
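Added example, not Zenoss code and not part of the Matasano report: the open redirect in the login form (CVE-2014-6255) exists because the `came_from` value is used unchecked as a redirect target. The validator below shows the defensive check a login handler can apply before redirecting: it accepts only absolute paths on the same site and falls back to a fixed landing page for anything else, including the scheme-relative, extra-slash, backslash and control-character variants that browsers normalise into a foreign host. The function name `safe_came_from` and the default path `/zport/dmd` are assumptions for the example, not values taken from the advisory.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed default landing page (placeholder for the example, not from the advisory).
DEFAULT_LANDING = "/zport/dmd"


def safe_came_from(value, default=DEFAULT_LANDING):
    """Return a same-site path to send the user to after a successful login.

    Anything that could leave the site (absolute URL, scheme-relative //host,
    extra leading slashes, backslash variants, control characters or spaces)
    falls back to `default`, so the parameter cannot act as an open redirect.
    """
    if not value:
        return default
    # Browsers strip or reinterpret control characters and spaces, so a value
    # such as "/\t/evil.example" could be normalised into "//evil.example".
    if any(ord(ch) <= 0x20 or ch == "\x7f" for ch in value):
        return default
    # Browsers treat "\" like "/" in URLs, so "/\evil.example" is
    # scheme-relative as well; normalise before checking.
    candidate = value.replace("\\", "/")
    # Two or more leading slashes are parsed as an authority by browsers,
    # even though urlsplit reports an empty netloc for "///host".
    if candidate.startswith("//"):
        return default
    parts = urlsplit(candidate)
    # An explicit scheme or host means the target is not on this site.
    if parts.scheme or parts.netloc:
        return default
    # Only absolute paths within the site are acceptable.
    if not parts.path.startswith("/"):
        return default
    # Keep path and query; drop the fragment, which the server never needs.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed inputs: one legitimate return path, several redirect attempts.
    for sample in ["/zport/dmd/Devices?x=1#frag", "http://evil.example/",
                   "//evil.example", "///evil.example", "/\\evil.example",
                   "javascript:void(0)", "/\t/evil.example", ""]:
        print(repr(sample), "->", safe_came_from(sample))
```

The check deliberately allow-lists the shape of the value (absolute same-site path) rather than block-listing known tricks; the individual normalisation steps exist only because browsers parse more liberally than `urlsplit` does.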
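Added example, not Zenoss code and not part of the Matasano report: the "Billion Laughs" denial of service (CVE-2014-6259) works because a standard XML parser expands nested internal entity declarations, so a few bytes of DTD can produce output that is exponentially larger. The block below uses a constructed three-level document (64 characters of output from three one-line entities) to show the expansion with the standard library's `xml.etree` parser, and beside it a parser built on `xml.parsers.expat` that refuses any entity declaration outright, which is the mitigation a server accepting XML from clients should apply. The names `UnsafeXML`, `expanded_text_length`, `parse_strict` and the sample document are assumptions for the example.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed sample: three nested internal entities with fan-out 4,
# so "&c;" expands to 4 * 4 * 4 = 64 characters. Real attack documents
# simply use more levels; the parser behaviour is the same.
NESTED_ENTITY_DOC = """<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "aaaa">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
]>
<r>&c;</r>"""


class UnsafeXML(ValueError):
    """Raised when a document tries to declare entities."""


def expanded_text_length(data):
    """Naive parse: internal entities are expanded, so the parsed text can be
    far larger than the input. This is the behaviour the attack relies on."""
    return len(ET.fromstring(data).text or "")


def parse_strict(data):
    """Parse XML with expat, rejecting any DTD entity declaration.

    Returns (root_tag, concatenated_text). Because the declaration handler
    raises before any entity reference is expanded, the document is never
    inflated in memory.
    """
    parser = xml.parsers.expat.ParserCreate()
    state = {"root": None, "text": []}

    def on_entity_decl(name, is_parameter, value, base,
                       system_id, public_id, notation_name):
        # Refuse internal and external entities alike; a document that only
        # needs the five built-in entities never declares its own.
        raise UnsafeXML("entity declaration %r rejected" % name)

    def on_start(tag, attrs):
        if state["root"] is None:
            state["root"] = tag

    def on_chars(text):
        state["text"].append(text)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.Parse(data, True)
    return state["root"], "".join(state["text"])


if __name__ == "__main__":
    print("naive parse expands to", expanded_text_length(NESTED_ENTITY_DOC), "chars")
    print("strict parse of plain document:", parse_strict("<r>hello</r>"))
    try:
        parse_strict(NESTED_ENTITY_DOC)
    except UnsafeXML as exc:
        print("strict parse refused:", exc)
```

Rejecting entity declarations at the DTD stage is simpler and safer than trying to cap expansion after the fact, because expat hands the parser the declaration before any `&c;` reference is resolved; a document that has a legitimate need for custom entities should be parsed by a separate, size-limited path rather than by the endpoint that accepts client input.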