CVE-2011-3264

Description

Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.

How to fix CVE-2011-3264

To remediate CVE-2011-3264, upgrade the affected package to a fixed version below.

• Debian/zabbix—upgrade to 1:1.8.6-1 or later

Is CVE-2011-3264 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:1.8.6-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-3264