Lucene search
Ubuntu.comUB:CVE-2008-5028HistoryNov 10, 2008 - 12:00 a.m.
CVE-2008-5028
2008-11-1000:00:00
ubuntu.com
ubuntu.com
7
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.4%
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios
3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send
commands to the Nagios process, and trigger execution of arbitrary programs
by this process, via unspecified HTTP requests.
Notes
| Author | Note |
|---|---|
| mdeslaur | Nagios 1.x doesn’t have the CMD_CHANGE commands, so remote attackers wouldn’t be able to trigger arbitrary programs. |
Related
debian
debian
[Backports-security-announce] Security Update for nagios3
2008-12-08 17:54:08
[Backports-security-announce] Security Update for nagios3
2008-12-08 11:47:25
cve
cve
CVE-2008-5028
2008-11-10 15:23:00
prion
prion
Cross site request forgery (csrf)
2008-11-10 15:23:00
openvas
openvas
Ubuntu: Security Advisory (USN-698-3)
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-698-2)
2008-12-29 00:00:00
ubuntu
ubuntu
Nagios vulnerabilities
2008-12-23 00:00:00
Nagios3 vulnerabilities
2008-12-22 00:00:00
nessus
nessus
Ubuntu 8.04 LTS : nagios2 vulnerabilities (USN-698-3)
2009-04-23 00:00:00
openSUSE Security Update : nagios (nagios-531)
2009-07-21 00:00:00
Ubuntu 8.10 : nagios3 vulnerabilities (USN-698-2)
2009-04-23 00:00:00
securityvulns
securityvulns
gentoo
gentoo
Nagios: Execution of arbitrary code
2009-07-19 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.4%
Related for UB:CVE-2008-5028