Package: monitoring-plugins-basic
Version: 2.2-3
Severity: normal

Dear Maintainer,

   * What led up to the situation?

Using check_http with POST data

   * What exactly did you do (or not do) that was effective (or ineffective)?

check_http is used with POST data to check a web application is answering properly

   * What was the outcome of this action?

Extra CRLF triggering alarm in WAF because not complying to RFC

   * What outcome did you expect instead?

Packet not blocked by WAF

This is a known bug which could lead to security issues (disabled WAF checks to allow requests).

cf: https://github.com/nagios-plugins/nagios-plugins/issues/266

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages monitoring-plugins-basic depends on:
ii  iputils-ping               3:20161105-1
ii  libc6                      2.24-11+deb9u3
ii  libssl1.1                  1.1.0f-3+deb9u2
ii  monitoring-plugins-common  2.2-3
ii  procps                     2:3.3.12-3+deb9u1
ii  ucf                        3.0036

Versions of packages monitoring-plugins-basic recommends:
ii  libcap2-bin  1:2.25-1

Versions of packages monitoring-plugins-basic suggests:
ii  icinga  1.13.4-2

-- no debconf information
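
Added example, not part of the original report and not code from check_http: a check that a captured POST request carries no bytes beyond its declared Content-Length, which lets a monitoring probe be validated before anyone considers relaxing a WAF rule for it. It assumes the extra CRLF described above follows the POST body; the host, path and body in the sample request are constructed.

```python
# Added example: report bytes that follow an HTTP request body beyond Content-Length.
# Assumption: the extra CRLF from the report is appended after the POST body.
CRLF = b"\r\n"

def surplus_after_body(raw: bytes) -> bytes:
    """Return the bytes that follow the declared body of one HTTP/1.1 request.

    Raises ValueError if the header block is unterminated, if Content-Length is
    missing, non-numeric or conflicting, or if the body is shorter than declared.
    """
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("header block not terminated by CRLF CRLF")
    lengths = set()
    for line in head.split(CRLF)[1:]:          # skip the request line
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"content-length":
            value = value.strip()
            if not value.isdigit():
                raise ValueError("non-numeric Content-Length")
            lengths.add(int(value))
    if len(lengths) != 1:
        raise ValueError("missing or conflicting Content-Length")
    declared = lengths.pop()
    if len(rest) < declared:
        raise ValueError("body shorter than Content-Length")
    return rest[declared:]                     # empty when the request is well framed

def build_request(body: bytes, trailing: bytes = b"") -> bytes:
    """Constructed sample request (hypothetical host and path)."""
    return (b"POST /login HTTP/1.1\r\n"
            b"Host: app.example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n"
            + body + trailing)

if __name__ == "__main__":
    samples = (("well framed", build_request(b"user=probe&check=1")),
               ("extra CRLF", build_request(b"user=probe&check=1", CRLF)))
    for label, req in samples:
        print(label, "->", surplus_after_body(req))
```

A non-empty return value means the sender wrote more than it declared, which is the condition the WAF in the report flagged.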