[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108566

 
 

909

 
 

85401

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-5028Date: (C)2008-11-10   (M)2018-02-19


Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.8
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1022165
SECUNIA-32610
SECUNIA-32630
SECUNIA-33320
SECUNIA-35002
OSVDB-49678
ADV-2008-3029
ADV-2009-1256
GLSA-200907-15
HPSBMA02419
SSRT090060
USN-698-3
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
nagios-cmd-csrf(46426)
op5monitor-unspecified-csrf(46521)

CPE    19
cpe:/a:nagios:nagios:3.0:alpha2
cpe:/a:nagios:nagios:3.0:alpha1
cpe:/a:nagios:nagios:3.0:rc1
cpe:/a:nagios:nagios:3.0:rc2
...
CWE    1
CWE-352

© SecPod Technologies