Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-5028
HistoryNov 10, 2008 - 3:23 p.m.

CVE-2008-5028

2008-11-1015:23:29
CWE-352
[email protected]
web.nvd.nist.gov
38
vulnerability
csrf
cmd.cgi
nagios
op5 monitor
remote attackers
http requests
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

Affected configurations

NVD
Node
nagiosnagiosRange3.0.4
OR
nagiosnagiosMatch1.0
OR
nagiosnagiosMatch1.0_b1
OR
nagiosnagiosMatch1.0_b2
OR
nagiosnagiosMatch1.0_b3
OR
nagiosnagiosMatch1.0b1
OR
nagiosnagiosMatch1.0b2
OR
nagiosnagiosMatch1.0b3
OR
nagiosnagiosMatch1.0b4
OR
nagiosnagiosMatch1.0b5
OR
nagiosnagiosMatch1.0b6
OR
nagiosnagiosMatch1.1
OR
nagiosnagiosMatch1.2
OR
nagiosnagiosMatch1.3
OR
nagiosnagiosMatch1.4
OR
nagiosnagiosMatch1.4.1
OR
nagiosnagiosMatch2.0
OR
nagiosnagiosMatch2.0b1
OR
nagiosnagiosMatch2.0b2
OR
nagiosnagiosMatch2.0b3
OR
nagiosnagiosMatch2.0b4
OR
nagiosnagiosMatch2.0b5
OR
nagiosnagiosMatch2.0b6
OR
nagiosnagiosMatch2.0rc1
OR
nagiosnagiosMatch2.0rc2
OR
nagiosnagiosMatch2.1
OR
nagiosnagiosMatch2.2
OR
nagiosnagiosMatch2.3
OR
nagiosnagiosMatch2.3.1
OR
nagiosnagiosMatch2.4
OR
nagiosnagiosMatch2.5
OR
nagiosnagiosMatch2.7
OR
nagiosnagiosMatch2.8
OR
nagiosnagiosMatch2.9
OR
nagiosnagiosMatch2.10
OR
nagiosnagiosMatch2.11
OR
nagiosnagiosMatch3.0
OR
nagiosnagiosMatch3.0alpha1
OR
nagiosnagiosMatch3.0alpha2
OR
nagiosnagiosMatch3.0alpha3
OR
nagiosnagiosMatch3.0alpha4
OR
nagiosnagiosMatch3.0beta1
OR
nagiosnagiosMatch3.0beta2
OR
nagiosnagiosMatch3.0beta3
OR
nagiosnagiosMatch3.0beta4
OR
nagiosnagiosMatch3.0beta5
OR
nagiosnagiosMatch3.0beta6
OR
nagiosnagiosMatch3.0beta7
OR
nagiosnagiosMatch3.0rc1
OR
nagiosnagiosMatch3.0rc2
OR
nagiosnagiosMatch3.0rc3
OR
nagiosnagiosMatch3.0.1
OR
nagiosnagiosMatch3.0.2
OR
nagiosnagiosMatch3.0.3
OR
op5monitorRange4.0.0
OR
op5monitorMatch2.4
OR
op5monitorMatch2.6
OR
op5monitorMatch2.8
OR
op5monitorMatch3.0
OR
op5monitorMatch3.0.0
OR
op5monitorMatch3.2
OR
op5monitorMatch3.2.4
OR
op5monitorMatch3.3.1
OR
op5monitorMatch3.3.2
OR
op5monitorMatch3.3.3

Related

cvelist 1
debian 2
ubuntucve 1
prion 1
nvd 1
ubuntu 2
openvas 13
securityvulns 2
nessus 5
gentoo 1
cvelist
cvelist
CVE-2008-5028
2008-11-10 15:00:00
debian
debian
[Backports-security-announce] Security Update for nagios3
2008-12-08 17:54:08
[Backports-security-announce] Security Update for nagios3
2008-12-08 11:47:25
ubuntucve
ubuntucve
CVE-2008-5028
2008-11-10 00:00:00
prion
prion
Cross site request forgery (csrf)
2008-11-10 15:23:00
nvd
nvd
CVE-2008-5028
2008-11-10 15:23:29
ubuntu
ubuntu
Nagios vulnerabilities
2008-12-23 00:00:00
Nagios3 vulnerabilities
2008-12-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-698-3)
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-698-2)
2008-12-29 00:00:00
Nagios Cross-site Request Forgery (CSRF) and Authentication Bypass Vulnerability
2008-11-27 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-12-26 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-12-23 00:00:00
nessus
nessus
Ubuntu 8.04 LTS : nagios2 vulnerabilities (USN-698-3)
2009-04-23 00:00:00
openSUSE Security Update : nagios (nagios-531)
2009-07-21 00:00:00
openSUSE Security Update : nagios (nagios-531)
2009-07-21 00:00:00
gentoo
gentoo
Nagios: Execution of arbitrary code
2009-07-19 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for CVE-2008-5028
cvelist1debian2ubuntucve1prion1nvd1ubuntu2openvas13securityvulns2nessus5gentoo1