CVE-2007-5198

Published: 04/10/2007 Updated: 08/03/2011
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the redir function in check_http.c in Nagios Plugins prior to 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

Vulnerable Product

nagios plugins

Vendor Advisories

Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user (CVE-2007-5198) ...
Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5198: A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http m ...

Exploits

source: www.securityfocus.com/bid/25952/info. Nagios Plugins are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running ...