Back to CVE Browser

CVE-2019-11455

HIGH

8.1

CVSS Severity Score

EPSS Score0.0810%

EPSS Percentile2.70th

PublishedApr 22, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

Affected Platforms (CPE)

📦

Tildeslash

Monit

< 5.25.3

💻

Debian

Debian Linux

= 8.0

💻

Fedoraproject

Fedora

= 31

💻

Fedoraproject

Fedora

= 32

💻

Canonical

Ubuntu Linux

= 18.10

💻

Canonical

Ubuntu Linux

= 19.04

References & Advisories

🔗 https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a

🔗 https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py

🔗 https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py

🔗 https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html

🔗 https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/

🔗 https://usn.ubuntu.com/3971-1/

Related Vulnerabilities

CVE-2004-189810.0

Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary ...

CVE-2003-108310.0

Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.

CVE-2020-162587.1

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default cr...

CVE-2016-70676.5

Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker ...