CVE - CVE-2008-5028

CVE-ID
CVE-2008-5028	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18 CONFIRM:http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor GENTOO:GLSA-200907-15 URL:http://security.gentoo.org/glsa/glsa-200907-15.xml HP:HPSBMA02419 URL:http://marc.info/?l=bugtraq&m=124156641928637&w=2 HP:SSRT090060 URL:http://marc.info/?l=bugtraq&m=124156641928637&w=2 MLIST:[nagios-devel] 20081107 Security fixes completed URL:http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel MLIST:[oss-security] 20081106 CVE request: Nagios (two issues) URL:http://www.openwall.com/lists/oss-security/2008/11/06/2 OSVDB:49678 URL:~~http://osvdb.org/49678~~ (Obsolete source) SECTRACK:1022165 URL:http://www.securitytracker.com/id?1022165 SECUNIA:32610 URL:http://secunia.com/advisories/32610 SECUNIA:32630 URL:http://secunia.com/advisories/32630 SECUNIA:33320 URL:http://secunia.com/advisories/33320 SECUNIA:35002 URL:http://secunia.com/advisories/35002 UBUNTU:USN-698-3 URL:https://www.ubuntu.com/usn/USN-698-3/ VUPEN:ADV-2008-3029 URL:~~http://www.vupen.com/english/advisories/2008/3029~~ (Obsolete source) VUPEN:ADV-2009-1256 URL:~~http://www.vupen.com/english/advisories/2009/1256~~ (Obsolete source) XF:nagios-cmd-csrf(46426) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46426 XF:op5monitor-unspecified-csrf(46521) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
Assigning CNA
MITRE Corporation
Date Record Created
20081110	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081110)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)