CVE-2019-11455
Published 2019-04-22
Priority: P339 · high · 8.1 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS: 3.14% (86.3th percentile)
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | monit | < monit 1:5.25.3-1 (bookworm) | monit 1:5.25.3-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| tildeslash | monit | < 5.25.3 | 5.25.3 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.6-2ubuntu0.1+esm2 | 1:5.6-2ubuntu0.1+esm2 |
| tildeslash | monit | >= 0 < 1:5.16-2ubuntu0.2+esm1 | 1:5.16-2ubuntu0.2+esm1 |
| tildeslash | monit | >= 0 < 1:5.25.1-1ubuntu0.1~esm1 | 1:5.25.1-1ubuntu0.1~esm1 |
CVSS provenance
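| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | HIGH | — |
| vendor_ubuntu | — | 6.1 | MEDIUM | — |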
Ubuntu
Monit vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 6.1
CVE-2019-11455 [MEDIUM] Monit vulnerabilities
Title: Monit vulnerabilities
Summary: Several security issues were fixed in Monit.
Zack Flack discovered that Monit incorrectly handled certain input. A
remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to potentially leak sensitive
information. (CVE-2019-11455)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Monit vulnerabilities
vendor_ubuntu·2019-05-08·CVSS 6.1
CVE-2019-11454 [MEDIUM] Monit vulnerabilities
Title: Monit vulnerabilities
Summary: Several security issues were fixed in Monit
Zack Flack discovered that Monit incorrectly handled certain input. A remote
authenticated user could exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs.
An attacker could exploit this to leak potentially sensitive information.
(CVE-2019-11455)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2019-11455: monit - A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3...
vendor_debian·2019·CVSS 8.1
CVE-2019-11455 [HIGH] CVE-2019-11455: monit - A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3...
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
Scope: local
bookworm: resolved (fixed in 1:5.25.3-1)
bullseye: resolved (fixed in 1:5.25.3-1)
forky: resolved (fixed in 1:5.25.3-1)
sid: resolved (fixed in 1:5.25.3-1)
trixie: resolved (fixed in 1:5.25.3-1)
GHSA
Buffer overflow
ghsa_unreviewed·2022-05-24
CVE-2019-11455 [HIGH] CWE-125 Buffer overflow
Buffer overflow
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
OSV
monit vulnerabilities
osv·2021-03-15·CVSS 6.1
CVE-2019-11454 [MEDIUM] monit vulnerabilities
monit vulnerabilities
Zack Flack discovered that Monit incorrectly handled certain input. A
remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to potentially leak sensitive
information. (CVE-2019-11455)
OSV
CVE-2019-11455: A buffer over-read in Util_urlDecode in util
osv·2019-04-22·CVSS 8.1
CVE-2019-11455 [HIGH] CVE-2019-11455: A buffer over-read in Util_urlDecode in util
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
No detection rules found.
Wiz
CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2020-36968 [MEDIUM] CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-36968: Monit vulnerability analysis and mitigation
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
Source: NVD
Score 7.1
Published January 28, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
Monit
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 45.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
monit
Sources
NVD
Echo Severity MEDIUM No Fix Added at: Jan 29, 2026
Wiz
CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2020-36969 [MEDIUM] CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-36969: Monit vulnerability analysis and mitigation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
Source: NVD
Score 8.7
Published January 28, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
Monit
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
monit
Sources
NVD
Echo Severity HIGH No Fix Added at: Jan 29, 2026
Bugzilla
CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]
bugzilla·2019-04-24·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]
CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. W
Bugzilla
CVE-2019-11455 monit: buffer over-read in function Util_urlDecode in util.c
bugzilla·2019-04-24·CVSS 8.1
CVE-2019-11455 [HIGH] CVE-2019-11455 monit: buffer over-read in function Util_urlDecode in util.c
CVE-2019-11455 monit: buffer over-read in function Util_urlDecode in util.c
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
References:
https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
Upstream commit:
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
Discussion:
Created monit tracking bugs for this issue:
Affects: fedora-all [bug 1702683]
---
Created monit tracking bugs for this issue:
Affects: epel-all [bug 1702684]
---
Bugzilla
CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]
bugzilla·2019-04-24·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]
CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py
https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py
https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/
https://usn.ubuntu.com/3971-1/
Published: 2019-04-22