CVE-2017-11507

A cross-site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Cross-site Scripting
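| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.1 MEDIUM | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| tenable | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |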
EPSS Score Percentile: 56%
| Vendor | Product | Version |
|---|---|---|
| check_mk_project | check_mk | 1.2.8, 1.2.8:b1, 1.2.8:b10, 1.2.8:b11, 1.2.8:b2, 1.2.8:b3, 1.2.8:b4, 1.2.8:b5, 1.2.8:b6, 1.2.8:b7, 1.2.8:b8, 1.2.8:b9, 1.2.8:p1, 1.2.8:p10, 1.2.8:p11, 1.2.8:p12, 1.2.8:p13, 1.2.8:p14, 1.2.8:p15, 1.2.8:p16, 1.2.8:p17, 1.2.8:p18, 1.2.8:p19, 1.2.8:p2, 1.2.8:p20, 1.2.8:p21, 1.2.8:p22, 1.2.8:p23, 1.2.8:p24, 1.2.8:p25, 1.2.8:p3, 1.2.8:p4, 1.2.8:p5, 1.2.8:p6, 1.2.8:p7, 1.2.8:p8, 1.2.8:p9 |
| check_mk_project | check_mk | 1.4.0, 1.4.0:b1, 1.4.0:b2, 1.4.0:b3, 1.4.0:b4, 1.4.0:b5, 1.4.0:b6, 1.4.0:b7, 1.4.0:b8, 1.4.0:b9, 1.4.0:p1, 1.4.0:p2, 1.4.0:p3, 1.4.0:p4, 1.4.0:p5, 1.4.0:p6, 1.4.0:p7, 1.4.0:p8, 1.4.0:p9 |
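Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| check-mk | noble | dne |
| check-mk | mantic | dne |
| check-mk | lunar | dne |
| check-mk | kinetic | dne |
| check-mk | jammy | dne |
| check-mk | impish | dne |
| check-mk | hirsute | dne |
| check-mk | groovy | dne |
| check-mk | focal | dne |
| check-mk | eoan | ignored |
| check-mk | disco | ignored |
| check-mk | cosmic | ignored |
| check-mk | bionic | needed |
| check-mk | artful | ignored |
| check-mk | zesty | ignored |
| check-mk | xenial | needed |
| check-mk | trusty | dne |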