Contact Us
SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME
 
Security Dashboard | US-CERTs | SecurityFocus | Advisories | Exploits | Threats | Vulnerabilities | Risks
Network Security Consulting Advisories Article

Nagios XI Unspecified Command Injection Vulnerability

http://www.securityfocus.com/bid/54263

Security Info

Bugtraq ID: 54263
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jul 02 2012 12:00AM
Updated: Jul 03 2012 01:50PM
Credit: Daniel Compton of NCC Group
Vulnerable:
Not Vulnerable:

Security Discussion

Nagios XI is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to execute arbitrary commands in the context of the web server process. Successful exploits could compromise the application and possibly the underlying system.

Proof of Concept and Security Exploits

An attacker can exploit the issue through a browser.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security References(s)

References:

Contact Us

Security Penetration Testing

Security Questions

Security Dashboard

Emagined Security Blog featuring Dr. Eugene Schultz
Site Updated May 23, 2013
©2000-2013 Emagined Security
All Rights Reserved

Secure Web Programming
by Vizual Services