Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zabbix ‘cURL’ API加密问题漏洞
Vulnerability Description
Zabbix是拉脱维亚Zabbix SIA公司的一套开源的监控系统。该系统可监视各种网络参数,并提供通知机制让系统管理员快速定位、解决存在的各种问题。 Zabbix中的libs/zbxmedia/eztexting.c文件中存在安全漏洞,该漏洞源于程序没有正确设置libcurl库的CURLOPT_SSL_VERIFYHOST选项。攻击者可借助任意有效的证书利用该漏洞实施中间人攻击欺骗SSL服务器。以下版本受到影响:Zabbix 1.8.18rc1之前的1.8.x版本,2.0.8rc1之前的2.0.x版本,
CVSS Information
N/A
Vulnerability Type
N/A