Signature Detail
Short Name |
HTTP:NAGIOS-GRAPHEXPLORE-CMDINJ |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Nagios Network Monitor Graph Explorer Component Command Injection |
Release Date |
2013/01/11 |
Update Number |
2224 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Nagios Network Monitor Graph Explorer Component Command Injection
This signature detects attempts to exploit a command injection vulnerability in Nagios Network Monitor. A successful attack can lead to execute arbitrary commands within the security context of the application.
Extended Description
Nagios XI is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the web server process. Successful exploits could compromise the application and possibly the underlying system. Nagios XI Network Monitor 2011R1.9, Nagios XI Graph Explorer component versions prior to 1.3 are vulnerable.
Affected Products
- Nagios Nagios XI Graph Explorer Component 1.2
- Nagios Nagios XI Network Monitor 2011R1.9
References
- BugTraq: 54263