Summary
This host has Nagios installed and is prone to CSRF (Cross Site Request Forgery) and Authentication Bypass vulnerability.
Impact
Successful exploitation will allow attackers to execute certain commands with disable notification actions when a logged-in user visits a malicious web site.
Impact Level: Application
Solution
Upgrade to Nagios version 3.2.1 or later.
For updates refer to http://www.nagios.org/
*****
NOTE : Nagios 3.0.5 is prone only to CSRF and not authentication bypass.
*****
Insight
The flaw exists due to improper validation of user supplied inputs passed to custom form, browser addon and cmd.cgi script.
Affected
Nagios 3.0.5 and prior on Linux.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-5027, CVE-2008-5028 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities