Vulnerability Details CVE-2016-7067
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/93953
- https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067
- https://seclists.org/oss-sec/2016/q4/267
- http://www.securityfocus.com/bid/93953
- https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067
- https://seclists.org/oss-sec/2016/q4/267
Products affected by CVE-2016-7067
-
cpe:2.3:a:mmonit:monit:5.10.0
-
cpe:2.3:a:mmonit:monit:5.11.0
-
cpe:2.3:a:mmonit:monit:5.12.2
-
cpe:2.3:a:mmonit:monit:5.13.0
-
cpe:2.3:a:mmonit:monit:5.14.0
-
cpe:2.3:a:mmonit:monit:5.15.0
-
cpe:2.3:a:mmonit:monit:5.16.0
-
cpe:2.3:a:mmonit:monit:5.17.0
-
cpe:2.3:a:mmonit:monit:5.17.1
-
cpe:2.3:a:mmonit:monit:5.18.0
-
cpe:2.3:a:mmonit:monit:5.19.0
-
cpe:2.3:a:mmonit:monit:5.7.0
-
cpe:2.3:a:mmonit:monit:5.8.0
-
cpe:2.3:a:mmonit:monit:5.8.1
-
cpe:2.3:a:mmonit:monit:5.9.0