HTTP: Nagios Network Monitor Graph Explorer Component Command Injection
This signature detects attempts to exploit a command injection vulnerability in Nagios Network Monitor. A successful attack can lead to execute arbitrary commands within the security context of the application.
Extended Description
Nagios XI is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the web server process. Successful exploits could compromise the application and possibly the underlying system. Nagios XI Network Monitor 2011R1.9, Nagios XI Graph Explorer component versions prior to 1.3 are vulnerable.
Affected Products
Nagios nagios_xi_network_monitor
References
BugTraq: 54263
Short Name
HTTP:NAGIOS-GRAPHEXPLORE-CMDINJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Command Component Explorer Graph Injection Monitor Nagios Network bid:54263
Release Date
01/11/2013
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Nagios