|Summary:||CVE-2013-7070 CVE-2013-7071 CVE-2013-7072 monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities|
|Product:||[Other] Security Response||Reporter:||Ratul Gupta <ratulg>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||cickumqt, jrusnack, mmcallis|
|Fixed In Version:||monitorix 3.4.0||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-12-31 02:57:20 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1038073, 1038074|
Description Ratul Gupta 2013-12-04 11:08:30 UTC
Comment 1 Ratul Gupta 2013-12-04 11:11:44 UTC
Created monitorix tracking bugs for this issue:
Affects: fedora-all [bug 1038073]
Affects: epel-6 [bug 1038074]
Comment 2 Fedora Update System 2013-12-05 03:23:49 UTC
monitorix-3.4.0-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2013-12-13 05:01:51 UTC
monitorix-3.4.0-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2013-12-14 02:50:16 UTC
monitorix-3.4.0-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Murray McAllister 2014-06-17 07:04:38 UTC
Note that CVE-2013-7072 has been rejected:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7072
No further details available at the moment
Comment 6 Murray McAllister 2014-06-17 07:37:22 UTC
(In reply to Murray McAllister from comment #5)
> Note that CVE-2013-7072 has been rejected:
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7072
>
> No further details available at the moment

Reasoning from MITRE in <http://seclists.org/oss-sec/2014/q2/541>