First published: Mon Apr 09 2018
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zabbix Zabbix | =2.4.0 | |
Zabbix Zabbix | =2.4.0-rc1 | |
Zabbix Zabbix | =2.4.0-rc2 | |
Zabbix Zabbix | =2.4.0-rc3 | |
Zabbix Zabbix | =2.4.1 | |
Zabbix Zabbix | =2.4.1-rc1 | |
Zabbix Zabbix | =2.4.1-rc2 | |
Zabbix Zabbix | =2.4.2 | |
Zabbix Zabbix | =2.4.2-rc1 | |
Zabbix Zabbix | =2.4.3 | |
Zabbix Zabbix | =2.4.3-rc1 | |
Zabbix Zabbix | =2.4.4 | |
Zabbix Zabbix | =2.4.4-rc1 | |
Zabbix Zabbix | =2.4.5 | |
Zabbix Zabbix | =2.4.5-rc1 | |
Zabbix Zabbix | =2.4.6 | |
Zabbix Zabbix | =2.4.6-rc1 | |
Zabbix Zabbix | =2.4.7 | |
Zabbix Zabbix | =2.4.7-rc1 | |
Zabbix Zabbix | =2.4.8 | |
Zabbix Zabbix | =2.4.8-rc1 | |
Zabbix Zabbix | =2.4.9 | |
Zabbix Zabbix | =2.4.9-rc1 | |
Debian Debian Linux | =8.0 | |
CVE-2017-2826 is an information disclosure vulnerability in the iConfig proxy request of Zabbix server 2.4.X.
The severity of CVE-2017-2826 is medium.
An attacker can exploit CVE-2017-2826 by sending a specially crafted iConfig proxy request to the Zabbix server, causing it to disclose the configuration information of any Zabbix proxy.
Zabbix server versions 2.4.0 to 2.4.9, including release candidates, are affected by CVE-2017-2826.
To fix CVE-2017-2826, upgrade to a version of Zabbix server that is not affected by the vulnerability.