Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:NAGIOS-MAG-CND-INJ |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Nagios XI Magpie cURL Argument Injection |
Release Date |
2018/12/20 |
Update Number |
3126 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Nagios XI Magpie cURL Argument Injection
An argument injection vulnerability has been reported in the Magpie RSS module of Nagios XI. The vulnerability is due to insufficient validation of HTTPS URLs submitted to the magpie_debug.php script. A remote, unauthenticated attacker can exploit this vulnerability by sending a request containing a crafted URL parameter to the target system. Successful exploitation could result in the execution of arbitrary code as the apache user.
Extended Description
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
Affected Products
- Nagios nagios_xi 5.5.6
References
- CVE: CVE-2018-15708