CVE-2008-5028

Nagios < 3.0.4 - Cross-Site Request Forgery

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

References (17)

Core 17

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46426

Patch mailing-list x_refsource_mlist

http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46521

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200907-15.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33320

Various Sources x_refsource_confirm

http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2008/11/06/2

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022165

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://www.ubuntu.com/usn/USN-698-3/

Patch, Vendor Advisory x_refsource_confirm

http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/3029

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=124156641928637&w=2

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1256

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32610

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32630

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35002

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/49678

Scores

EPSS 0.0127

EPSS Percentile 79.8%

Details

CWE

CWE-352

Status published

Products (36)

nagios/nagios 1.0

nagios/nagios 1.0_b1

nagios/nagios 1.0_b2

nagios/nagios 1.0_b3

nagios/nagios 1.0b1

nagios/nagios 1.0b2

nagios/nagios 1.0b3

nagios/nagios 1.0b4

nagios/nagios 1.0b5

nagios/nagios 1.0b6

... and 26 more

Published Nov 10, 2008

Tracked Since Feb 18, 2026