Short Name |
HTTP:NAGIOS-GRAPHEXPLORE-CMDINJ |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Nagios Network Monitor Graph Explorer Component Command Injection |
Release Date |
2013/01/11 |
Update Number |
2224 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a command injection vulnerability in Nagios Network Monitor. A successful attack can lead to execute arbitrary commands within the security context of the application.
Nagios XI is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the web server process. Successful exploits could compromise the application and possibly the underlying system. Nagios XI Network Monitor 2011R1.9, Nagios XI Graph Explorer component versions prior to 1.3 are vulnerable.