CVE-2008-5028

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
nagiosnagios
𝑥
≤ 3.0.4
nagiosnagios
1.0
nagiosnagios
1.0_b1:_b1
nagiosnagios
1.0_b2:_b2
nagiosnagios
1.0_b3:_b3
nagiosnagios
1.0b1:b1
nagiosnagios
1.0b2:b2
nagiosnagios
1.0b3:b3
nagiosnagios
1.0b4:b4
nagiosnagios
1.0b5:b5
nagiosnagios
1.0b6:b6
nagiosnagios
1.1
nagiosnagios
1.2
nagiosnagios
1.3
nagiosnagios
1.4
nagiosnagios
1.4.1
nagiosnagios
2.0
nagiosnagios
2.0b1:b1
nagiosnagios
2.0b2:b2
nagiosnagios
2.0b3:b3
nagiosnagios
2.0b4:b4
nagiosnagios
2.0b5:b5
nagiosnagios
2.0b6:b6
nagiosnagios
2.0rc1:rc1
nagiosnagios
2.0rc2:rc2
nagiosnagios
2.1
nagiosnagios
2.2
nagiosnagios
2.3
nagiosnagios
2.3.1
nagiosnagios
2.4
nagiosnagios
2.5
nagiosnagios
2.7
nagiosnagios
2.8
nagiosnagios
2.9
nagiosnagios
2.10
nagiosnagios
2.11
nagiosnagios
3.0
nagiosnagios
3.0:alpha1
nagiosnagios
3.0:alpha2
nagiosnagios
3.0:alpha3
nagiosnagios
3.0:alpha4
nagiosnagios
3.0:beta1
nagiosnagios
3.0:beta2
nagiosnagios
3.0:beta3
nagiosnagios
3.0:beta4
nagiosnagios
3.0:beta5
nagiosnagios
3.0:beta6
nagiosnagios
3.0:beta7
nagiosnagios
3.0:rc1
nagiosnagios
3.0:rc2
nagiosnagios
3.0:rc3
nagiosnagios
3.0.1
nagiosnagios
3.0.2
nagiosnagios
3.0.3
op5monitor
𝑥
≤ 4.0.0
op5monitor
2.4
op5monitor
2.6
op5monitor
2.8
op5monitor
3.0
op5monitor
3.0.0
op5monitor
3.2
op5monitor
3.2.4
op5monitor
3.3.1
op5monitor
3.3.2
op5monitor
3.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios
intrepid
dne
hardy
dne
gutsy
not-affected
dapper
not-affected
nagios2
intrepid
dne
hardy
Fixed 2.11-1ubuntu1.4
released
gutsy
ignored
dapper
dne
nagios3
intrepid
Fixed 3.0.2-1ubuntu1.1
released
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://osvdb.org/49678
http://secunia.com/advisories/32610
http://secunia.com/advisories/32630
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securitytracker.com/id?1022165
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2009/1256
https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
https://www.ubuntu.com/usn/USN-698-3/
http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://osvdb.org/49678
http://secunia.com/advisories/32610
http://secunia.com/advisories/32630
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securitytracker.com/id?1022165
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2009/1256
https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
https://www.ubuntu.com/usn/USN-698-3/