CVE-2017-11507

EUVD-2017-3124
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.
Cross-site Scripting
Provider: NIST
Type: Primary
Base Score: 6.1 MEDIUM
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Percentile: 57%
Affected Products (NVD)
Vendor            Product   Version
check_mk_project  check_mk  1.2.8
check_mk_project  check_mk  1.2.8:b1
check_mk_project  check_mk  1.2.8:b10
check_mk_project  check_mk  1.2.8:b11
check_mk_project  check_mk  1.2.8:b2
check_mk_project  check_mk  1.2.8:b3
check_mk_project  check_mk  1.2.8:b4
check_mk_project  check_mk  1.2.8:b5
check_mk_project  check_mk  1.2.8:b6
check_mk_project  check_mk  1.2.8:b7
check_mk_project  check_mk  1.2.8:b8
check_mk_project  check_mk  1.2.8:b9
check_mk_project  check_mk  1.2.8:p1
check_mk_project  check_mk  1.2.8:p10
check_mk_project  check_mk  1.2.8:p11
check_mk_project  check_mk  1.2.8:p12
check_mk_project  check_mk  1.2.8:p13
check_mk_project  check_mk  1.2.8:p14
check_mk_project  check_mk  1.2.8:p15
check_mk_project  check_mk  1.2.8:p16
check_mk_project  check_mk  1.2.8:p17
check_mk_project  check_mk  1.2.8:p18
check_mk_project  check_mk  1.2.8:p19
check_mk_project  check_mk  1.2.8:p2
check_mk_project  check_mk  1.2.8:p20
check_mk_project  check_mk  1.2.8:p21
check_mk_project  check_mk  1.2.8:p22
check_mk_project  check_mk  1.2.8:p23
check_mk_project  check_mk  1.2.8:p24
check_mk_project  check_mk  1.2.8:p25
check_mk_project  check_mk  1.2.8:p3
check_mk_project  check_mk  1.2.8:p4
check_mk_project  check_mk  1.2.8:p5
check_mk_project  check_mk  1.2.8:p6
check_mk_project  check_mk  1.2.8:p7
check_mk_project  check_mk  1.2.8:p8
check_mk_project  check_mk  1.2.8:p9
check_mk_project  check_mk  1.4.0
check_mk_project  check_mk  1.4.0:b1
check_mk_project  check_mk  1.4.0:b2
check_mk_project  check_mk  1.4.0:b3
check_mk_project  check_mk  1.4.0:b4
check_mk_project  check_mk  1.4.0:b5
check_mk_project  check_mk  1.4.0:b6
check_mk_project  check_mk  1.4.0:b7
check_mk_project  check_mk  1.4.0:b8
check_mk_project  check_mk  1.4.0:b9
check_mk_project  check_mk  1.4.0:p1
check_mk_project  check_mk  1.4.0:p2
check_mk_project  check_mk  1.4.0:p3
check_mk_project  check_mk  1.4.0:p4
check_mk_project  check_mk  1.4.0:p5
check_mk_project  check_mk  1.4.0:p6
check_mk_project  check_mk  1.4.0:p7
check_mk_project  check_mk  1.4.0:p8
check_mk_project  check_mk  1.4.0:p9
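Ubuntu Releases
Ubuntu Product  Codename
check-mk        artful    ignored
check-mk        bionic    needed
check-mk        cosmic    ignored
check-mk        disco     ignored
check-mk        eoan      ignored
check-mk        focal     dne
check-mk        groovy    dne
check-mk        hirsute   dne
check-mk        impish    dne
check-mk        jammy     dne
check-mk        kinetic   dne
check-mk        lunar     dne
check-mk        mantic    dne
check-mk        noble     dne
check-mk        trusty    dne
check-mk        xenial    needed
check-mk        zesty     ignored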