Описание
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 3 | nagios | Will not fix | ||
| Red Hat OpenStack Platform 4 | nagios | Will not fix | ||
| Red Hat Storage 2.1 | nagios | Will not fix | ||
| Red Hat Storage 3.0 | nagios | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | nagios | Fixed | RHSA-2017:0212 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | nagios | Fixed | RHSA-2017:0211 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | nagios | Fixed | RHSA-2017:0213 | 31.01.2017 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | nagios | Fixed | RHSA-2017:0214 | 31.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.2 High
CVSS3
7.5 High
CVSS2
Связанные уязвимости
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
The _httpsrequest function in Snoopy allows remote attackers to execut ...
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
EPSS
7.2 High
CVSS3
7.5 High
CVSS2