[3.9] monit: Multiple vulnerabilities (CVE-2019-11454, CVE-2019-11455)
CVE-2019-11454: cross-site scripting (XSS) in http/cervlet.c
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
Monit before 5.25.3 allows a remote unauthenticated attacker to
via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
CVE-2019-11455: buffer over-read in function Util_urlDecode in util.c
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit
before 5.25.3 allows a remote authenticated attacker to retrieve the
contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
(from redmine: issue id 10492, created on 2019-05-28, closed on 2019-06-05)
main/monit: security fixes (CVE-2019-11454, CVE-2019-11455) Fixes #10492