Vulnerability Details CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://osvdb.org/49678
- http://secunia.com/advisories/32610
- http://secunia.com/advisories/32630
- http://secunia.com/advisories/33320
- http://secunia.com/advisories/35002
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.securitytracker.com/id?1022165
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2009/1256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
- https://www.ubuntu.com/usn/USN-698-3/
- http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://osvdb.org/49678
- http://secunia.com/advisories/32610
- http://secunia.com/advisories/32630
- http://secunia.com/advisories/33320
- http://secunia.com/advisories/35002
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.securitytracker.com/id?1022165
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2009/1256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
- https://www.ubuntu.com/usn/USN-698-3/
Products affected by CVE-2008-5028
-
cpe:2.3:a:nagios:nagios:1.0
-
cpe:2.3:a:nagios:nagios:1.0_b1
-
cpe:2.3:a:nagios:nagios:1.0_b2
-
cpe:2.3:a:nagios:nagios:1.0_b3
-
cpe:2.3:a:nagios:nagios:1.0b1
-
cpe:2.3:a:nagios:nagios:1.0b2
-
cpe:2.3:a:nagios:nagios:1.0b3
-
cpe:2.3:a:nagios:nagios:1.0b4
-
cpe:2.3:a:nagios:nagios:1.0b5
-
cpe:2.3:a:nagios:nagios:1.0b6
-
cpe:2.3:a:nagios:nagios:1.1
-
cpe:2.3:a:nagios:nagios:1.2
-
cpe:2.3:a:nagios:nagios:1.3
-
cpe:2.3:a:nagios:nagios:1.4
-
cpe:2.3:a:nagios:nagios:1.4.1
-
cpe:2.3:a:nagios:nagios:2.0
-
cpe:2.3:a:nagios:nagios:2.0.1
-
cpe:2.3:a:nagios:nagios:2.0b1
-
cpe:2.3:a:nagios:nagios:2.0b2
-
cpe:2.3:a:nagios:nagios:2.0b3
-
cpe:2.3:a:nagios:nagios:2.0b4
-
cpe:2.3:a:nagios:nagios:2.0b5
-
cpe:2.3:a:nagios:nagios:2.0b6
-
cpe:2.3:a:nagios:nagios:2.0rc1
-
cpe:2.3:a:nagios:nagios:2.0rc2
-
cpe:2.3:a:nagios:nagios:2.1
-
cpe:2.3:a:nagios:nagios:2.1.3
-
cpe:2.3:a:nagios:nagios:2.10
-
cpe:2.3:a:nagios:nagios:2.11
-
cpe:2.3:a:nagios:nagios:2.2
-
cpe:2.3:a:nagios:nagios:2.3
-
cpe:2.3:a:nagios:nagios:2.3.1
-
cpe:2.3:a:nagios:nagios:2.4
-
cpe:2.3:a:nagios:nagios:2.5
-
cpe:2.3:a:nagios:nagios:2.7
-
cpe:2.3:a:nagios:nagios:2.8
-
cpe:2.3:a:nagios:nagios:2.9
-
cpe:2.3:a:nagios:nagios:3.0
-
cpe:2.3:a:nagios:nagios:3.0.1
-
cpe:2.3:a:nagios:nagios:3.0.2
-
cpe:2.3:a:nagios:nagios:3.0.3
-
cpe:2.3:a:nagios:nagios:3.0.4
-
cpe:2.3:a:op5:monitor:-
-
cpe:2.3:a:op5:monitor:2.4
-
cpe:2.3:a:op5:monitor:2.6
-
cpe:2.3:a:op5:monitor:2.8
-
cpe:2.3:a:op5:monitor:3.0
-
cpe:2.3:a:op5:monitor:3.0.0
-
cpe:2.3:a:op5:monitor:3.2
-
cpe:2.3:a:op5:monitor:3.2.4
-
cpe:2.3:a:op5:monitor:3.3.1
-
cpe:2.3:a:op5:monitor:3.3.2
-
cpe:2.3:a:op5:monitor:3.3.3