Xymon status-log Viewer CGI Buffer Overflow Vulnerability
A vulnerability in Xymon could allow an unauthenticated, remote attacker to access or modify data, or cause a denial of service (DoS) condition on an affected system.
The vulnerability is due to a buffer overflow condition in the status-log viewer CGI tool of the affected software and exists because of non-breaking space ( ) expansion in the appfeed.c file. An attacker could exploit this vulnerability by submitting malicious input to the affected system. A successful exploit could allow the attacker to access or modify data, or cause a DoS condition.
Xymon has confirmed the vulnerability and released a software update.
Security Impact Rating: Critical