[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5028

Date: (C)2008-11-10   (M)2017-08-08
 
CVSS Score: 6.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

Reference:
SECTRACK-1022165
SECUNIA-32610
SECUNIA-32630
SECUNIA-33320
SECUNIA-35002
OSVDB-49678
ADV-2008-3029
ADV-2009-1256
GLSA-200907-15
HPSBMA02419
SSRT090060
USN-698-3
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
nagios-cmd-csrf(46426)
op5monitor-unspecified-csrf(46521)

CPE    19
cpe:/a:nagios:nagios:3.0:alpha2
cpe:/a:nagios:nagios:3.0:alpha1
cpe:/a:nagios:nagios:3.0:rc1
cpe:/a:nagios:nagios:3.0:rc2
...
CWE    1
CWE-352

© 2013 SecPod Technologies