- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200907-15 (Nagios: Execution of arbitrary code)
Multiple vulnerabilities have been reported in Nagios:
Paul reported that statuswml.cgi does not properly sanitize shell metacharacters in the (1) ping and (2) traceroute parameters (CVE-2009-2288).
Nagios does not properly verify whether an authenticated user is authorized to run certain commands (CVE-2008-5027).
Andreas Ericsson reported that Nagios does not perform validity checks to verify HTTP requests, leading to Cross-Site Request Forgery (CVE-2008-5028).
An unspecified vulnerability in Nagios related to CGI programs, 'adaptive external commands,' and 'writing newlines and submitting service comments' has been reported (CVE-2008-6373).
Impact :
A remote authenticated or unauthenticated attacker may exploit these vulnerabilities to execute arbitrary commands or elevate privileges.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top