Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability Network Vulnerability

Summary

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. Note that for an exploit to succeed, access to the WAP interface's ping feature must be allowed. Versions prior to Nagios 3.1.1 are vulnerable.

Solution

The vendor has released updates. Please see http://www.nagios.org/ for more information.

References

http://www.securityfocus.com/bid/35464

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2288

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)

Take action and discover your vulnerabilities