[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5028

Date: (C)2008-11-10   (M)2017-08-08 


Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1022165
SECUNIA-32610
SECUNIA-32630
SECUNIA-33320
SECUNIA-35002
OSVDB-49678
ADV-2008-3029
ADV-2009-1256
GLSA-200907-15
HPSBMA02419
SSRT090060
USN-698-3
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
nagios-cmd-csrf(46426)
op5monitor-unspecified-csrf(46521)

CPE    19
cpe:/a:nagios:nagios:3.0:alpha2
cpe:/a:nagios:nagios:3.0:alpha1
cpe:/a:nagios:nagios:3.0:rc1
cpe:/a:nagios:nagios:3.0:rc2
...
CWE    1
CWE-352

© 2013 SecPod Technologies