[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5028Date: (C)2008-11-10   (M)2023-12-22


Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022165
SECUNIA-32610
SECUNIA-32630
SECUNIA-33320
SECUNIA-35002
OSVDB-49678
ADV-2008-3029
ADV-2009-1256
GLSA-200907-15
SSRT090060
USN-698-3
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
nagios-cmd-csrf(46426)
op5monitor-unspecified-csrf(46521)

CPE    19
cpe:/a:nagios:nagios:3.0:alpha2
cpe:/a:nagios:nagios:3.0:alpha1
cpe:/a:nagios:nagios:3.0:rc1
cpe:/a:nagios:nagios:3.0:rc2
...
CWE    1
CWE-352

© SecPod Technologies