CVE-2008-5028

2008-11-1015:23:00

CWE-352

[email protected]

web.nvd.nist.gov

vulnerability

csrf

cmd.cgi

nagios

op5 monitor

remote attackers

http requests

nvd

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

CPENameOperatorVersion
nagios:nagiosnagioseq3.0
nagios:nagiosnagioseq2.0b5
nagios:nagiosnagioseq2.7
nagios:nagiosnagioseq2.4
op5:monitorop5 monitorle4.0.0
nagios:nagiosnagioseq2.0b6
nagios:nagiosnagioseq1.0b3
nagios:nagiosnagioseq1.1
nagios:nagiosnagioseq2.1
op5:monitorop5 monitoreq3.3.1

CPE	Name	Operator	Version
nagios:nagios	nagios	eq	3.0
nagios:nagios	nagios	eq	2.0b5
nagios:nagios	nagios	eq	2.7
nagios:nagios	nagios	eq	2.4
op5:monitor	op5 monitor	le	4.0.0
nagios:nagios	nagios	eq	2.0b6
nagios:nagios	nagios	eq	1.0b3
nagios:nagios	nagios	eq	1.1
nagios:nagios	nagios	eq	2.1
op5:monitor	op5 monitor	eq	3.3.1