Lucene search
+L

Check_MK < 1.2.8p25, 1.4.x < 1.4.0p9 XSS Vulnerability

🗓️ 12 Dec 2017 00:00:00Reported by Copyright (C) 2017 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 57 Views

Check_MK XSS Vulnerability in versions before 1.2.8x and 1.4.0

Related
Refs
Code
ReporterTitlePublishedViews
Family
nessus
Check_MK Internal Server Error XSS
14 Dec 201700:00
nessus
nessus
Linux Distros Unpatched Vulnerability : CVE-2017-11507
3 Sep 202500:00
nessus
cnvd
Mathias Kettner Check_MK Cross-Site Scripting Vulnerability
12 Dec 201700:00
cnvd
cve
CVE-2017-11507
11 Dec 201716:00
cve
cvelist
CVE-2017-11507
11 Dec 201716:00
cvelist
euvd
EUVD-2017-3124
7 Oct 202500:30
euvd
nvd
CVE-2017-11507
11 Dec 201716:29
nvd
osv
UBUNTU-CVE-2017-11507
11 Dec 201716:29
osv
prion
Cross site scripting
11 Dec 201716:29
prion
redhatcve
CVE-2017-11507
12 Dec 201711:20
redhatcve
Rows per page
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:checkmk:checkmk";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.140596");
  script_version("2025-09-12T15:39:53+0000");
  script_tag(name:"last_modification", value:"2025-09-12 15:39:53 +0000 (Fri, 12 Sep 2025)");
  script_tag(name:"creation_date", value:"2017-12-12 11:05:49 +0700 (Tue, 12 Dec 2017)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-12-26 18:10:00 +0000 (Tue, 26 Dec 2017)");

  script_cve_id("CVE-2017-11507");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Check_MK < 1.2.8p25, 1.4.x < 1.4.0p9 XSS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_checkmk_server_http_detect.nasl");
  script_mandatory_keys("checkmk/server/detected");

  script_tag(name:"summary", value:"Check_MK is prone to a cross-site scripting (XSS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"A cross site scripting (XSS) vulnerability exists in Check_MK,
  allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format
  parameter, and the username parameter of failed HTTP basic authentication attempts, which is
  returned unencoded in an internal server error page.");

  script_tag(name:"affected", value:"Check_MK prior to version 1.2.8p25 and 1.4.x prior to
  1.4.0p9.");

  script_tag(name:"solution", value:"Update to version 1.2.8p25, 1.4.0p9 or later.");

  script_xref(name:"URL", value:"http://mathias-kettner.com/check_mk_werks.php?werk_id=7661");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "1.2.8p25")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "1.2.8p25", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "1.4.0", test_version2: "1.4.0p8")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "1.4.0p9", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation