CVE-2008-5028

EUVD-2008-5007
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
nagiosnagios
𝑥
≤ 3.0.4
nagiosnagios
1.0
nagiosnagios
1.0_b1:_b1
nagiosnagios
1.0_b2:_b2
nagiosnagios
1.0_b3:_b3
nagiosnagios
1.0b1:b1
nagiosnagios
1.0b2:b2
nagiosnagios
1.0b3:b3
nagiosnagios
1.0b4:b4
nagiosnagios
1.0b5:b5
nagiosnagios
1.0b6:b6
nagiosnagios
1.1
nagiosnagios
1.2
nagiosnagios
1.3
nagiosnagios
1.4
nagiosnagios
1.4.1
nagiosnagios
2.0
nagiosnagios
2.0b1:b1
nagiosnagios
2.0b2:b2
nagiosnagios
2.0b3:b3
nagiosnagios
2.0b4:b4
nagiosnagios
2.0b5:b5
nagiosnagios
2.0b6:b6
nagiosnagios
2.0rc1:rc1
nagiosnagios
2.0rc2:rc2
nagiosnagios
2.1
nagiosnagios
2.2
nagiosnagios
2.3
nagiosnagios
2.3.1
nagiosnagios
2.4
nagiosnagios
2.5
nagiosnagios
2.7
nagiosnagios
2.8
nagiosnagios
2.9
nagiosnagios
2.10
nagiosnagios
2.11
nagiosnagios
3.0
nagiosnagios
3.0:alpha1
nagiosnagios
3.0:alpha2
nagiosnagios
3.0:alpha3
nagiosnagios
3.0:alpha4
nagiosnagios
3.0:beta1
nagiosnagios
3.0:beta2
nagiosnagios
3.0:beta3
nagiosnagios
3.0:beta4
nagiosnagios
3.0:beta5
nagiosnagios
3.0:beta6
nagiosnagios
3.0:beta7
nagiosnagios
3.0:rc1
nagiosnagios
3.0:rc2
nagiosnagios
3.0:rc3
nagiosnagios
3.0.1
nagiosnagios
3.0.2
nagiosnagios
3.0.3
op5monitor
𝑥
≤ 4.0.0
op5monitor
2.4
op5monitor
2.6
op5monitor
2.8
op5monitor
3.0
op5monitor
3.0.0
op5monitor
3.2
op5monitor
3.2.4
op5monitor
3.3.1
op5monitor
3.3.2
op5monitor
3.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios
dapper
not-affected
gutsy
not-affected
hardy
dne
intrepid
dne
nagios2
dapper
dne
gutsy
ignored
hardy
Fixed 2.11-1ubuntu1.4
released
intrepid
dne
nagios3
dapper
dne
gutsy
dne
hardy
dne
intrepid
Fixed 3.0.2-1ubuntu1.1
released
Common Weakness Enumeration
References
http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://osvdb.org/49678
http://secunia.com/advisories/32610
http://secunia.com/advisories/32630
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securitytracker.com/id?1022165
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2009/1256
https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
https://www.ubuntu.com/usn/USN-698-3/
http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://osvdb.org/49678
http://secunia.com/advisories/32610
http://secunia.com/advisories/32630
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securitytracker.com/id?1022165
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2009/1256
https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
https://www.ubuntu.com/usn/USN-698-3/