CVE-2008-5028: CSRF
First published: Mon Nov 10 2008(Updated: )
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios | =3.0-alpha3 | |
| Nagios Nagios | =2.0b5 | |
| Nagios Nagios | =2.7 | |
| Nagios Nagios | =2.4 | |
| Nagios Nagios | =3.0-rc3 | |
| op5 Monitor | <=4.0.0 | |
| Nagios Nagios | =3.0-beta4 | |
| Nagios Nagios | =2.0b6 | |
| Nagios Nagios | =1.0b3 | |
| Nagios Nagios | =1.1 | |
| Nagios Nagios | =3.0-alpha2 | |
| Nagios Nagios | =2.1 | |
| op5 Monitor | =3.3.1 | |
| Nagios Nagios | =1.0b6 | |
| Nagios Nagios | =3.0.1 | |
| Nagios Nagios | =1.0 | |
| Nagios Nagios | =2.3.1 | |
| Nagios Nagios | =3.0-beta5 | |
| Nagios Nagios | =2.2 | |
| Nagios Nagios | =3.0-rc1 | |
| op5 Monitor | =3.2 | |
| Nagios Nagios | =2.0b2 | |
| op5 Monitor | =2.8 | |
| op5 Monitor | =3.2.4 | |
| Nagios Nagios | =1.0b4 | |
| Nagios Nagios | =3.0.2 | |
| Nagios Nagios | =2.5 | |
| Nagios Nagios | =2.0b4 | |
| Nagios Nagios | =2.8 | |
| Nagios Nagios | <=3.0.4 | |
| Nagios Nagios | =3.0-beta2 | |
| Nagios Nagios | =2.10 | |
| Nagios Nagios | =1.2 | |
| Nagios Nagios | =3.0-beta7 | |
| Nagios Nagios | =3.0-rc2 | |
| Nagios Nagios | =1.0b5 | |
| op5 Monitor | =3.3.3 | |
| Nagios Nagios | =1.0_b3 | |
| Nagios Nagios | =2.0b1 | |
| op5 Monitor | =2.6 | |
| Nagios Nagios | =3.0 | |
| Nagios Nagios | =2.0 | |
| Nagios Nagios | =1.4 | |
| Nagios Nagios | =3.0-alpha1 | |
| Nagios Nagios | =1.4.1 | |
| Nagios Nagios | =3.0-beta6 | |
| Nagios Nagios | =2.0b3 | |
| Nagios Nagios | =1.3 | |
| Nagios Nagios | =2.11 | |
| Nagios Nagios | =3.0-alpha4 | |
| op5 Monitor | =3.0.0 | |
| Nagios Nagios | =2.0rc1 | |
| Nagios Nagios | =3.0-beta1 | |
| Nagios Nagios | =1.0_b1 | |
| Nagios Nagios | =2.3 | |
| Nagios Nagios | =1.0b1 | |
| Nagios Nagios | =3.0-beta3 | |
| Nagios Nagios | =3.0.3 | |
| op5 Monitor | =3.3.2 | |
| Nagios Nagios | =1.0b2 | |
| Nagios Nagios | =2.9 | |
| Nagios Nagios | =1.0_b2 | |
| Nagios Nagios | =2.0rc2 | |
| op5 Monitor | =2.4 | |
| op5 Monitor | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://secunia.com/advisories/32610
- http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://secunia.com/advisories/33320
- http://www.vupen.com/english/advisories/2008/3029
- http://secunia.com/advisories/35002
- http://www.vupen.com/english/advisories/2009/1256
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://www.securitytracker.com/id?1022165
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://secunia.com/advisories/32630
- http://osvdb.org/49678
- https://www.ubuntu.com/usn/USN-698-3/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
- http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios
- version/nagios nagios/3.0-alpha3
- version/nagios nagios/2.0b5
- version/nagios nagios/2.7
- version/nagios nagios/2.4
- version/nagios nagios/3.0-rc3
- vendor/op5
- canonical/op5 monitor
- version/op5 monitor/4.0.0
- version/nagios nagios/3.0-beta4
- version/nagios nagios/2.0b6
- version/nagios nagios/1.0b3
- version/nagios nagios/1.1
- version/nagios nagios/3.0-alpha2
- version/nagios nagios/2.1
- version/op5 monitor/3.3.1
- version/nagios nagios/1.0b6
- version/nagios nagios/3.0.1
- version/nagios nagios/1.0
- version/nagios nagios/2.3.1
- version/nagios nagios/3.0-beta5
- version/nagios nagios/2.2
- version/nagios nagios/3.0-rc1
- version/op5 monitor/3.2
- version/nagios nagios/2.0b2
- version/op5 monitor/2.8
- version/op5 monitor/3.2.4
- version/nagios nagios/1.0b4
- version/nagios nagios/3.0.2
- version/nagios nagios/2.5
- version/nagios nagios/2.0b4
- version/nagios nagios/2.8
- version/nagios nagios/3.0.4
- version/nagios nagios/3.0-beta2
- version/nagios nagios/2.10
- version/nagios nagios/1.2
- version/nagios nagios/3.0-beta7
- version/nagios nagios/3.0-rc2
- version/nagios nagios/1.0b5
- version/op5 monitor/3.3.3
- version/nagios nagios/1.0_b3
- version/nagios nagios/2.0b1
- version/op5 monitor/2.6
- version/nagios nagios/3.0
- version/nagios nagios/2.0
- version/nagios nagios/1.4
- version/nagios nagios/3.0-alpha1
- version/nagios nagios/1.4.1
- version/nagios nagios/3.0-beta6
- version/nagios nagios/2.0b3
- version/nagios nagios/1.3
- version/nagios nagios/2.11
- version/nagios nagios/3.0-alpha4
- version/op5 monitor/3.0.0
- version/nagios nagios/2.0rc1
- version/nagios nagios/3.0-beta1
- version/nagios nagios/1.0_b1
- version/nagios nagios/2.3
- version/nagios nagios/1.0b1
- version/nagios nagios/3.0-beta3
- version/nagios nagios/3.0.3
- version/op5 monitor/3.3.2
- version/nagios nagios/1.0b2
- version/nagios nagios/2.9
- version/nagios nagios/1.0_b2
- version/nagios nagios/2.0rc2
- version/op5 monitor/2.4
- version/op5 monitor/3.0