CVE-2016-9565

Published: 15/12/2016 Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

MagpieRSS, as used in the front-end component in Nagios Core prior to 4.2.2, might allow remote malicious users to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.

Vulnerable Product

nagios nagios

Vendor Advisories

Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Gluster Storage 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...
Synopsis: Important: nagios security update. Type/Severity: Security Advisory: Important. Topic: An update for nagios is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system ...

Exploits

#!/usr/bin/env python # Source: legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html intro = """\033[94m Nagios Core < 4.2.0 Curl Command Injection / Code Execution PoC Exploit CVE-2016-9565 nagios_cmd_injection.py ver. 1.0 Discovered & Coded by: Dawid Golunski legalhackers.com \033[0m ...
Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution ...

Github Repositories

Implementations of some vulnerabilities in platforms such as Nagios, Zabbix and Solr

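Implementations of some vulnerabilities in platforms such as Nagios, Zabbix and Solr: Nagios Core (CVE-2016-9565), Apache Solr XXE (CVE-2017-12629), Apache Solr RCE (CVE-2017-12629), Zabbix RCE (CVE-2017-2824), Zabbix 20 SQL Injection. Setup, analysis and exploit of the vulnerabilities.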