CVE-2017-2826
LOW
Zabbix 2.4.X - Information Disclosure via iConfig Proxy Request
Title source: llm
Description
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html
Scores
CVSS v3
3.7
EPSS
0.0339
EPSS Percentile
87.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (11)
debian/debian_linux
8.0
zabbix/zabbix
2.4.0 (4 CPE variants)
zabbix/zabbix
2.4.1 (3 CPE variants)
zabbix/zabbix
2.4.2 (2 CPE variants)
zabbix/zabbix
2.4.3 (2 CPE variants)
zabbix/zabbix
2.4.4 (2 CPE variants)
zabbix/zabbix
2.4.5 (2 CPE variants)
zabbix/zabbix
2.4.6 (2 CPE variants)
zabbix/zabbix
2.4.7 (2 CPE variants)
zabbix/zabbix
2.4.8 (2 CPE variants)
... and 1 more
Published
Apr 09, 2018
Tracked Since
Feb 18, 2026