Possible server path disclosure on showlog.cgi

rajatbel
Posts: 2
Joined: Tue May 14, 2019 5:31 am

Possible server path disclosure on showlog.cgi

Post by rajatbel »

Sensitive data like "/usr/local/nagios/var/nagios.log" is seen on pages displayed with showlog.cgi
One or more fully qualified path names were found on this page.
From this information the attacker may learn the file system structure from the web server. This information can be used to conduct further attacks.
Please prevent this information and others from being displayed to the user.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Possible server path disclosure on showlog.cgi

Post by scottwilkerson »

This would be behind basic authentication where only people with credentials could access.
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
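
The reply above rests on showlog.cgi being reachable only after HTTP basic authentication. The following Python audit is an added example, not code from the thread or from Nagios: it checks an Apache config and a cgi.cfg for the settings that enforce that. The embedded file contents, the /usr/local/nagios/sbin CGI directory and the nagiosadmin user are constructed samples assuming a default source install.

```python
import re

# Constructed sample configs (assumed default source-install layout, not from the thread).
APACHE_CONF = '''
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>
'''
CGI_CFG = '''
use_authentication=1
authorized_for_system_information=nagiosadmin
'''

def audit_apache(conf, cgi_dir):
    """Return findings for the <Directory> block that serves the Nagios CGIs."""
    pat = r'<Directory\s+"?%s/?"?\s*>(.*?)</Directory>' % re.escape(cgi_dir)
    m = re.search(pat, conf, re.S | re.I)
    if not m:
        return ["no <Directory> block for " + cgi_dir]
    body, findings = m.group(1), []
    if not re.search(r'^\s*AuthType\s+(Basic|Digest)\b', body, re.M | re.I):
        findings.append("no AuthType set")
    if not re.search(r'^\s*Require\s+(valid-user|user\s+\S+|group\s+\S+)', body, re.M | re.I):
        findings.append("no Require directive restricting access")
    if re.search(r'^\s*Require\s+all\s+granted', body, re.M | re.I):
        findings.append("Require all granted opens the CGIs to everyone")
    return findings

def audit_cgi_cfg(cfg):
    """Return findings for the cgi.cfg options that gate the log file CGI."""
    opts = {}
    for line in cfg.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    findings = []
    if opts.get("use_authentication") != "1":
        findings.append("use_authentication is not 1")
    # showlog.cgi is limited to users authorized for system information.
    users = [u.strip() for u in opts.get("authorized_for_system_information", "").split(",")]
    if "*" in users:
        findings.append("every authenticated user may view the log")
    return findings

if __name__ == "__main__":
    print(audit_apache(APACHE_CONF, "/usr/local/nagios/sbin"), audit_cgi_cfg(CGI_CFG))
```
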