CVE-2012-0263: Infoleak
First published: Tue Dec 31 2013(Updated: )
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| op5 Monitor | <=5.5.0 | |
| op5 Monitor | =5.3.5 | |
| op5 Monitor | =5.4.0 | |
| op5 Monitor | =5.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0263?
CVE-2012-0263 has a moderate severity rating due to the potential exposure of sensitive information.
How do I fix CVE-2012-0263?
To remediate CVE-2012-0263, upgrade to op5 Monitor version 5.5.1 or later.
Who is affected by CVE-2012-0263?
CVE-2012-0263 affects versions of op5 Monitor prior to 5.5.1.
What kind of information can be leaked due to CVE-2012-0263?
CVE-2012-0263 can lead to the exposure of sensitive data like database and user credentials.
What triggers the vulnerability in CVE-2012-0263?
The vulnerability in CVE-2012-0263 can be triggered by malformed parameters in requests to the status service.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/op5
- canonical/op5 monitor
- version/op5 monitor/5.5.0
- version/op5 monitor/5.3.5
- version/op5 monitor/5.4.0
- version/op5 monitor/5.4.2