CVE DATABASE / CVE-2008-5027
CVE-2008-5027
CVSS 6.5 · MEDIUM
Summary
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
CVSS 2.0 breakdown
| Base score | 6.5 (MEDIUM) |
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Nagios nagiosOp5 monitor
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://secunia.com/advisories/33320
- http://secunia.com/advisories/35002
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.nagios.org/development/history/nagios-3x.php
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.securityfocus.com/bid/32156
- http://www.securitytracker.com/id?1022165
- http://www.ubuntu.com/usn/USN-698-1
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2008/3364
- http://www.vupen.com/english/advisories/2009/1256
- https://www.ubuntu.com/usn/USN-698-3/
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.