CVE-2013-5572

Sažetak

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0149.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-05-2014 - 03:58

Objavljeno

01-10-2013 - 03:48