7 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.4%
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
marc.info/?l=bugtraq&m=124156641928637&w=2
osvdb.org/49678
secunia.com/advisories/32610
secunia.com/advisories/32630
secunia.com/advisories/33320
secunia.com/advisories/35002
security.gentoo.org/glsa/glsa-200907-15.xml
sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
www.openwall.com/lists/oss-security/2008/11/06/2
www.securitytracker.com/id?1022165
www.vupen.com/english/advisories/2008/3029
www.vupen.com/english/advisories/2009/1256
exchange.xforce.ibmcloud.com/vulnerabilities/46426
exchange.xforce.ibmcloud.com/vulnerabilities/46521
www.ubuntu.com/usn/USN-698-3/