5

CVE-2008-6373

Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."

Data is provided by the National Vulnerability Database (NVD)
NagiosNagios Version <= 3.0.5
NagiosNagios Version1.0
NagiosNagios Version1.0_b1
NagiosNagios Version1.0_b2
NagiosNagios Version1.0_b3
NagiosNagios Version1.0b1
NagiosNagios Version1.0b2
NagiosNagios Version1.0b3
NagiosNagios Version1.0b4
NagiosNagios Version1.0b5
NagiosNagios Version1.0b6
NagiosNagios Version1.1
NagiosNagios Version1.2
NagiosNagios Version1.3
NagiosNagios Version1.4
NagiosNagios Version1.4.1
NagiosNagios Version2.0
NagiosNagios Version2.0b1
NagiosNagios Version2.0b2
NagiosNagios Version2.0b3
NagiosNagios Version2.0b4
NagiosNagios Version2.0b5
NagiosNagios Version2.0b6
NagiosNagios Version2.0rc1
NagiosNagios Version2.0rc2
NagiosNagios Version2.1
NagiosNagios Version2.2
NagiosNagios Version2.3
NagiosNagios Version2.3.1
NagiosNagios Version2.4
NagiosNagios Version2.5
NagiosNagios Version2.7
NagiosNagios Version2.8
NagiosNagios Version2.9
NagiosNagios Version2.10
NagiosNagios Version2.11
NagiosNagios Version3.0
NagiosNagios Version3.0 Updatealpha1
NagiosNagios Version3.0 Updatealpha2
NagiosNagios Version3.0 Updatealpha3
NagiosNagios Version3.0 Updatealpha4
NagiosNagios Version3.0 Updatebeta1
NagiosNagios Version3.0 Updatebeta2
NagiosNagios Version3.0 Updatebeta3
NagiosNagios Version3.0 Updatebeta4
NagiosNagios Version3.0 Updatebeta5
NagiosNagios Version3.0 Updatebeta6
NagiosNagios Version3.0 Updatebeta7
NagiosNagios Version3.0 Updaterc1
NagiosNagios Version3.0 Updaterc2
NagiosNagios Version3.0 Updaterc3
NagiosNagios Version3.0.1
NagiosNagios Version3.0.2
NagiosNagios Version3.0.3
NagiosNagios Version3.0.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.31% 0.514
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.nagios.org/news/#88
Patch
Vendor Advisory