CVE ID:	CVE-2008-5028
Description:	Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5028 http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.openwall.com/lists/oss-security/2008/11/06/2 http://security.gentoo.org/glsa/glsa-200907-15.xml HPdes Security Advisory: HPSBMA02419 http://marc.info/?l=bugtraq&m=124156641928637&w=2 HPdes Security Advisory: SSRT090060 http://marc.info/?l=bugtraq&m=124156641928637&w=2 https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000815.html http://osvdb.org/49678 http://www.securitytracker.com/id?1022165 http://secunia.com/advisories/32610 http://secunia.com/advisories/33320 http://secunia.com/advisories/35002 http://secunia.com/advisories/32630 http://www.vupen.com/english/advisories/2008/3029 http://www.vupen.com/english/advisories/2009/1256 XForce ISS Database: nagios-cmd-csrf(46426) http://xforce.iss.net/xforce/xfdb/46426 XForce ISS Database: op5monitor-unspecified-csrf(46521) http://xforce.iss.net/xforce/xfdb/46521

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: