Welcome to docs.opsview.com


This shows you the differences between two versions of the page.

opsview4.4:known_issues [2016/08/31 11:40] (current)
dferguson created
Line 1: Line 1:
 +====== Security Patch ======
 +As reported by Piotr Karolak of Trustwave's SpiderLabs a security vulnerability was identified that has the potential to allow unauthenticated access to the file system of an Opsview Monitor system by issuing a specially crafted HTTP GET request.
 +Opsview have created a patch to resolve this security vulnerability which can be easily applied to supported versions of the Opsview Monitor system. We strongly recommend that you upgrade to a supported version as we will not be providing a patch for older versions. We are conscious that it may take a little while to plan, implement and upgrade, and we would not want any of our customers running a system with a potential vulnerability so we have provided the below Apache configuration change that helps to counter this particular vulnerability.
 +You will need to locate your Opsview Apache configuration file (on Debian and Ubuntu this is usually in /etc/apache2/sites-enabled/, or for CentOS and RHEL, look in /etc/httpd/conf.d).
 +Edit the file and just above the lines starting with 'ProxyPass' at the bottom of the file, insert these new lines:
 +  RewriteEngine on
 +  RewriteRule %5C / [NC,R]
 +  RewriteRule %00 / [NC,R]
 +  RewriteRule (%2e|%46)(%2e|%46) / [NC,R]
 +  RewriteRule \.\.(%2f|%c0%af|%c1%1c) / [NC,R]
 +Test the configuration change by using 'apache2ctl -t' (or 'apachectl -t', depending on your OS) and if no errors are shown, restarted Apache ('service apache2 restart', 'service httpd restart' or '/etc/init.d/httpd restart', again depending on your OS).
 +If you do get errors, you may need to enable the Apache Rewrite module (either 'en2mod rewrite' or locate the line for 'mod_rewrite.so' in your apache configuration and uncomment it).