Published: 10/11/2008 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor prior to 4.0.1 allows remote malicious users to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nagios nagios 3.0
nagios nagios 2.0b5
nagios nagios 2.7
nagios nagios 2.4
op5 monitor
nagios nagios 2.0b6
nagios nagios 1.0b3
nagios nagios 1.1
nagios nagios 2.1
op5 monitor 3.3.1
nagios nagios 1.0b6
nagios nagios 3.0.1
nagios nagios 1.0
nagios nagios 2.3.1
nagios nagios 2.2
op5 monitor 3.2
nagios nagios 2.0b2
op5 monitor 2.8
op5 monitor 3.2.4
nagios nagios 1.0b4
nagios nagios 3.0.2
nagios nagios 2.5
nagios nagios 2.0b4
nagios nagios 2.8
nagios nagios
nagios nagios 2.10
nagios nagios 1.2
nagios nagios 1.0b5
op5 monitor 3.3.3
nagios nagios 1.0_b3
nagios nagios 2.0b1
op5 monitor 2.6
nagios nagios 2.0
nagios nagios 1.4
nagios nagios 1.4.1
nagios nagios 2.0b3
nagios nagios 1.3
nagios nagios 2.11
op5 monitor 3.0.0
nagios nagios 2.0rc1
nagios nagios 1.0_b1
nagios nagios 2.3
nagios nagios 1.0b1
nagios nagios 3.0.3
op5 monitor 3.3.2
nagios nagios 1.0b2
nagios nagios 2.9
nagios nagios 1.0_b2
nagios nagios 2.0rc2
op5 monitor 2.4
op5 monitor 3.0

Debian Bug report logs - #504894 CVE-2008-5028: Nagios "cmdcgi" cross-site request forgery Package: nagios3; Maintainer for nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Source for nagios3 is src:nagios3 (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> D ...

It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs This update alters Nagios behaviour by disabling submission ...

CWE-352 http://www.openwall.com/lists/oss-security/2008/11/06/2 http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor http://secunia.com/advisories/32610 http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://secunia.com/advisories/33320 http://www.vupen.com/english/advisories/2008/3029 http://secunia.com/advisories/35002 http://www.vupen.com/english/advisories/2009/1256 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://www.securitytracker.com/id?1022165 http://security.gentoo.org/glsa/glsa-200907-15.xml http://secunia.com/advisories/32630 http://osvdb.org/49678 https://www.ubuntu.com/usn/USN-698-3/https://exchange.xforce.ibmcloud.com/vulnerabilities/46521 https://exchange.xforce.ibmcloud.com/vulnerabilities/46426 http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504894 https://nvd.nist.gov https://usn.ubuntu.com/698-3/

CVE-2008-5028

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect