Security fixes in PRTG 19.3.51/19.4.52

The current version PRTG 19.3.51/19.4.52 includes some security fixes:
  • PRTG Core Server XSS (Cross-Site Scripting)
    We fixed potential reflected XSS vulnerabilities with medium severity on the PRTG core server. The potential vulnerabilities affected tag filters, object IDs, and the contact support/feedback page. Please note that the fixed vulnerabilities required a logged-in PRTG user account to be exploited.
  • Sensors DoS
    We fixed a potential Denial of Service (DoS) vulnerability of the HTTP Full Web Page sensor. Please note that the fixed vulnerability required a logged-in PRTG user account with elevated rights to be exploited. (CVE-2019-11074)
Besides those security fixes, some new improvements made it into the release, too. More information can be found in the release notes at https://www.de.paessler.com/prtg/history/stable or on the vendor's blog: https://blog.paessler.com/prtg-release-19.3.51-and-19.4.52-news-roundup. Information on previous security issues, with proof of concept, is listed here: https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/
