Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nagios XI < 2024R1.2.2 Host Header Injection
Vulnerability Description
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to poison generated links or responses, which may facilitate phishing of credentials, account recovery link hijacking, and web cache poisoning.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
Nagios XI 安全漏洞
Vulnerability Description
Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 2024R1.2.2之前版本存在安全漏洞,该漏洞源于未充分验证用户提供的HTTP Host标头,可能导致凭据钓鱼、账户恢复链接劫持和Web缓存投毒。
CVSS Information
N/A
Vulnerability Type
N/A