Lucene search

[email protected]CVE-2010-1277

HistoryApr 06, 2010 - 4:30 p.m.

CVE-2010-1277

2010-04-0616:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-1277

sql injection

zabbix 1.8

api

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.

Affected configurations

NVD

Node

zabbixzabbixMatch1.8

zabbixzabbixMatch1.8.1

CPENameOperatorVersion
zabbix:zabbixzabbixeq1.8
zabbix:zabbixzabbixeq1.8.1

CPE	Name	Operator	Version
zabbix:zabbix	zabbix	eq	1.8
zabbix:zabbix	zabbix	eq	1.8.1

References

archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html

legalhackers.com/advisories/zabbix181api-sql.txt

legalhackers.com/poc/zabbix181api.pl-poc

secunia.com/advisories/39119

www.osvdb.org/63456

www.securityfocus.com/archive/1/510480/100/0/threaded

www.securityfocus.com/bid/39148

www.vupen.com/english/advisories/2010/0799

www.zabbix.com/rn1.8.2.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2010-1277

cvelist1 debiancve1 prion2 ubuntucve1 openvas2 nvd2 cve1 nessus1 gentoo1