
Regarding Possible internal IP address disclosure

Posted: Tue May 14, 2019 11:40 am
by rajatbel
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks.
During GET /Nagios/cgi-bin/status.json?details=true HTTP/1.1,
communication between client and CGI is not encrypted.
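
The kind of check behind the scanner finding in the post above, as an added example that is not part of the original thread or of Nagios: it walks a JSON response body and reports which fields contain RFC 1918 addresses, so the field can be reviewed or redacted. The sample body and its field names are constructed, since the thread does not show the actual status.json output.

```python
import ipaddress
import json
import re

# RFC 1918 private ranges, the usual meaning of "internal IPv4 address".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not a slice of a longer dotted number (e.g. a version).
CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")

def internal_ips(text):
    """Return the distinct RFC 1918 addresses found in a string, in order."""
    found = []
    for match in CANDIDATE.finditer(text):
        try:
            addr = ipaddress.IPv4Address(match.group())
        except ipaddress.AddressValueError:
            continue  # octet > 255 or otherwise not a valid address
        if any(addr in net for net in RFC1918) and str(addr) not in found:
            found.append(str(addr))
    return found

def walk(node, path="$"):
    """Yield (path, value) for every string value in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def find_disclosures(body):
    """List (json_path, address) pairs so the leaking field can be fixed."""
    return [(path, ip)
            for path, value in walk(json.loads(body))
            for ip in internal_ips(value)]

# Constructed sample response; field names and values are hypothetical.
SAMPLE_BODY = json.dumps({
    "version": "4.10.0.0.1",  # looks like an address to a naive regex
    "hosts": [
        {"name": "web01", "address": "10.20.30.40",
         "plugin_output": "PING OK - 192.168.1.15 rta 0.4ms"},
        {"name": "edge", "address": "203.0.113.7", "plugin_output": "OK"},
        {"name": "lab", "address": "172.32.0.1"},  # outside 172.16.0.0/12
    ],
})

if __name__ == "__main__":
    for path, ip in find_disclosures(SAMPLE_BODY):
        print(f"{path}: {ip}")
```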

Re: Regarding Possible internal IP address disclosure

Posted: Tue May 14, 2019 11:44 am
by scottwilkerson
Is there a question here?

I'm not sure what is producing this status.json you are referring to, as that is not part of the Nagios package.

Additionally, by default everything in the nagios directory should be blocked by basic authentication.