Summary
Nagios XI is prone to multiple cross-site request forgery (CSRF) vulnerabilities because the application fails to properly validate HTTP requests.
Successful exploitation requires that the 'nagiosadmin' user be logged into the web interface.
Attackers can exploit these issues to gain unauthorized access to the affected application and perform certain administrative actions.
Nagios XI 2009R1.2B is vulnerable; other versions may also be affected.
Solution
Reportedly, these issues have been fixed in Nagios XI 2009R1.2C.
Please see the references for more information.
References
Updated on 2017-03-28