Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-2288
HistoryJul 01, 2009 - 12:00 a.m.

CVE-2009-2288

2009-07-0100:00:00
ubuntu.com
ubuntu.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute
arbitrary commands via shell metacharacters in the (1) ping or (2)
Traceroute parameters.

Bugs

Notes

Author Note
mdeslaur Can’t reproduce the issue with nagios v1, so it’s probably not affected.
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchnagios2< 2.11-1ubuntu1.5UNKNOWN
ubuntu8.10noarchnagios3< 3.0.2-1ubuntu1.2UNKNOWN
ubuntu9.04noarchnagios3< 3.0.6-2ubuntu1.1UNKNOWN

Related

dsquare 1
nessus 9
debian 1
checkpoint_advisories 1
openvas 17
packetstorm 1
saint 4
freebsd 1
canvas 1
ubuntu 1
securityvulns 4
prion 1
cve 1
gentoo 1
dsquare
dsquare
Nagios 3.1.0 RCE
2012-01-30 00:00:00
nessus
nessus
SuSE 10 Security Update : nagios (ZYPP Patch Number 6356)
2009-09-24 00:00:00
openSUSE Security Update : nagios (nagios-1102)
2009-07-31 00:00:00
SuSE 11 Security Update : nagios (SAT Patch Number 1105)
2009-09-24 00:00:00
debian
debian
[SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution
2009-07-03 15:46:14
checkpoint_advisories
checkpoint_advisories
Nagios statuswml.cgi Command Execution (CVE-2009-2288)
2013-12-02 00:00:00
openvas
openvas
Ubuntu USN-795-1 (nagios3)
2009-07-06 00:00:00
Debian: Security Advisory (DSA-1825-1)
2009-07-06 00:00:00
Ubuntu: Security Advisory (USN-795-1)
2009-07-06 00:00:00
packetstorm
packetstorm
Nagios3 statuswml.cgi Ping Command Execution
2009-10-30 00:00:00
saint
saint
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
freebsd
freebsd
nagios -- Command Injection Vulnerability
2009-05-29 00:00:00
canvas
canvas
Immunity Canvas: NAGIOS_PING
2009-07-01 13:00:00
ubuntu
ubuntu
Nagios vulnerability
2009-07-02 00:00:00
securityvulns
securityvulns
[USN-795-1] Nagios vulnerability
2009-07-03 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-07-03 00:00:00
HP Insight Control for Linux multiple security vulnerabilities
2010-03-31 00:00:00
prion
prion
Code injection
2009-07-01 13:00:00
cve
cve
CVE-2009-2288
2009-07-01 13:00:00
gentoo
gentoo
Nagios: Execution of arbitrary code
2009-07-19 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON
Related for UB:CVE-2009-2288
dsquare1nessus9debian1checkpoint_advisories1openvas17packetstorm1saint4freebsd1canvas1ubuntu1securityvulns4prion1cve1gentoo1