Detections
Analytics

CVE-2008-5028

high

Description

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

References

https://www.ubuntu.com/usn/USN-698-3/

https://exchange.xforce.ibmcloud.com/vulnerabilities/46521

https://exchange.xforce.ibmcloud.com/vulnerabilities/46426

http://www.vupen.com/english/advisories/2009/1256

http://www.vupen.com/english/advisories/2008/3029

http://www.securitytracker.com/id?1022165

http://www.openwall.com/lists/oss-security/2008/11/06/2

http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel

http://security.gentoo.org/glsa/glsa-200907-15.xml

http://secunia.com/advisories/35002

http://secunia.com/advisories/33320

http://secunia.com/advisories/32630

http://secunia.com/advisories/32610

http://osvdb.org/49678

http://marc.info/?l=bugtraq&m=124156641928637&w=2

http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18

Details

Source: Mitre, NVD

Published: 2008-11-10

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High