Ubuntu
nagios3 package

insecure img src in main.html

Bug #725220 reported by Mark Foster
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nagios3 (Ubuntu)
Triaged
Undecided
Unassigned

Bug Description

Binary package hint: nagios3

File from nagios3-cgi: /usr/share/nagios3/htdocs/main.html
containts an insecure img src from
http://sflogo.sourceforge.net/sflogo.php?group_id=26589&type=2

NOTE: Everything else on that main.html page is local relative URL thus agnostic to http or https.

Thus when accessing nagios under https, the site is compromised since most browser don't like the one insecure image src.
Please remove the link or pull it into the nagios package as a local resource and change the img src to also be relative.

Revision history for this message
Mark Foster (fostermarkd) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue. This is a change that need to happen with the upstream Nagios project. Could you please file a bug with the upstream Nagios project, and link the bug here. Thanks.

visibility: private → public
security vulnerability: yes → no
Revision history for this message
Mark Foster (fostermarkd) wrote :

Reported upstream. See http://tracker.nagios.org/view.php?id=206

Revision history for this message
Mark Foster (fostermarkd) wrote :

Marc - I'm curious why you think this isn't a security vulnerability.

Serge Hallyn (serge-hallyn)
Changed in nagios3 (Ubuntu):
status: New → Confirmed
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.