Summary
This host has Nagios installed and is prone to CSRF (Cross-Site Request Forgery) and authentication bypass vulnerabilities.
Impact
Successful exploitation will allow attackers to execute certain commands, such as disable-notification actions, when a logged-in user visits a malicious web site.
Impact Level: Application
Solution
Upgrade to Nagios version 3.2.1 or later.
For updates refer to http://www.nagios.org/
*****
NOTE: Nagios 3.0.5 is prone only to CSRF and not to authentication bypass.
*****
Insight
The flaw exists due to improper validation of user-supplied input passed to a custom form, a browser addon and the cmd.cgi script.
Affected
Nagios 3.0.5 and prior on Linux.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-5027, CVE-2008-5028
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P