6.8

CVE-2008-5028

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NagiosNagios Version <= 3.0.4
NagiosNagios Version1.0
NagiosNagios Version1.0_b1
NagiosNagios Version1.0_b2
NagiosNagios Version1.0_b3
NagiosNagios Version1.0b1
NagiosNagios Version1.0b2
NagiosNagios Version1.0b3
NagiosNagios Version1.0b4
NagiosNagios Version1.0b5
NagiosNagios Version1.0b6
NagiosNagios Version1.1
NagiosNagios Version1.2
NagiosNagios Version1.3
NagiosNagios Version1.4
NagiosNagios Version1.4.1
NagiosNagios Version2.0
NagiosNagios Version2.0b1
NagiosNagios Version2.0b2
NagiosNagios Version2.0b3
NagiosNagios Version2.0b4
NagiosNagios Version2.0b5
NagiosNagios Version2.0b6
NagiosNagios Version2.0rc1
NagiosNagios Version2.0rc2
NagiosNagios Version2.1
NagiosNagios Version2.2
NagiosNagios Version2.3
NagiosNagios Version2.3.1
NagiosNagios Version2.4
NagiosNagios Version2.5
NagiosNagios Version2.7
NagiosNagios Version2.8
NagiosNagios Version2.9
NagiosNagios Version2.10
NagiosNagios Version2.11
NagiosNagios Version3.0
NagiosNagios Version3.0 Updatealpha1
NagiosNagios Version3.0 Updatealpha2
NagiosNagios Version3.0 Updatealpha3
NagiosNagios Version3.0 Updatealpha4
NagiosNagios Version3.0 Updatebeta1
NagiosNagios Version3.0 Updatebeta2
NagiosNagios Version3.0 Updatebeta3
NagiosNagios Version3.0 Updatebeta4
NagiosNagios Version3.0 Updatebeta5
NagiosNagios Version3.0 Updatebeta6
NagiosNagios Version3.0 Updatebeta7
NagiosNagios Version3.0 Updaterc1
NagiosNagios Version3.0 Updaterc2
NagiosNagios Version3.0 Updaterc3
NagiosNagios Version3.0.1
NagiosNagios Version3.0.2
NagiosNagios Version3.0.3
Op5Monitor Version <= 4.0.0
Op5Monitor Version2.4
Op5Monitor Version2.6
Op5Monitor Version2.8
Op5Monitor Version3.0
Op5Monitor Version3.0.0
Op5Monitor Version3.2
Op5Monitor Version3.2.4
Op5Monitor Version3.3.1
Op5Monitor Version3.3.2
Op5Monitor Version3.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.739
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
Patch
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securitytracker.com/id?1022165
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2009/1256
https://www.ubuntu.com/usn/USN-698-3/
http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
http://osvdb.org/49678
http://secunia.com/advisories/32610
Vendor Advisory
http://secunia.com/advisories/32630
https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
https://exchange.xforce.ibmcloud.com/vulnerabilities/46521