{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201710-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-20"}, {"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"}, {"name": "1037488", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037488"}, {"name": "94922", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94922"}, {"name": "RHSA-2017:0258", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"}, {"name": "RHSA-2017:0212", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"}, {"name": "RHSA-2017:0213", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"}, {"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Dec/57"}, {"name": "40920", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40920/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.nagios.org/projects/nagios-core/history/4x/"}, {"name": "GLSA-201702-26", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-26"}, {"name": "RHSA-2017:0259", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"}, {"tags": ["x_refsource_MISC"], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"}, {"name": "RHSA-2017:0214", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"}, {"name": "RHSA-2017:0211", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9565", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201710-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-20"}, {"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"}, {"name": "1037488", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037488"}, {"name": "94922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94922"}, {"name": "RHSA-2017:0258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"}, {"name": "RHSA-2017:0212", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"}, {"name": "RHSA-2017:0213", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"}, {"name": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"}, {"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Dec/57"}, {"name": "40920", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40920/"}, {"name": "https://www.nagios.org/projects/nagios-core/history/4x/", "refsource": "CONFIRM", "url": "https://www.nagios.org/projects/nagios-core/history/4x/"}, {"name": "GLSA-201702-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-26"}, {"name": "RHSA-2017:0259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"}, {"name": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html", "refsource": "MISC", "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"}, {"name": "RHSA-2017:0214", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"}, {"name": "RHSA-2017:0211", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.651Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201710-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201710-20"}, {"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"}, {"name": "1037488", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037488"}, {"name": "94922", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94922"}, {"name": "RHSA-2017:0258", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"}, {"name": "RHSA-2017:0212", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"}, {"name": "RHSA-2017:0213", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"}, {"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Dec/57"}, {"name": "40920", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40920/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.nagios.org/projects/nagios-core/history/4x/"}, {"name": "GLSA-201702-26", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-26"}, {"name": "RHSA-2017:0259", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"}, {"name": "RHSA-2017:0214", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"}, {"name": "RHSA-2017:0211", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9565", "datePublished": "2016-12-15T22:00:00", "dateReserved": "2016-11-22T00:00:00", "dateUpdated": "2024-08-06T02:50:38.651Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "61838238-588B-48A8-879C-DE0F84E47967", "versionEndIncluding": "4.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."}, {"lang": "es", "value": "MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podr\u00eda permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentaci\u00f3n Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparaci\u00f3n de CVE-2008-4796."}], "id": "CVE-2016-9565", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-15T22:59:00.460", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Dec/57"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94922"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037488"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201702-26"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201710-20"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40920/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nagios.org/projects/nagios-core/history/4x/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/Dec/57"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201702-26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201710-20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40920/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.nagios.org/projects/nagios-core/history/4x/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0212", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "nagios-0:3.5.1-9.el6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2017-01-31T00:00:00Z"}, {"advisory": "RHSA-2017:0211", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "nagios-0:3.5.1-9.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2017-01-31T00:00:00Z"}, {"advisory": "RHSA-2017:0213", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "nagios-0:3.5.1-9.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2017-01-31T00:00:00Z"}, {"advisory": "RHSA-2017:0214", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "nagios-0:3.5.1-9.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2017-01-31T00:00:00Z"}, {"advisory": "RHSA-2017:0259", "cpe": "cpe:/a:redhat:storage:3.1:nagios:el6", "package": "nagios-0:3.5.1-9.el6", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2017-02-07T00:00:00Z"}, {"advisory": "RHSA-2017:0258", "cpe": "cpe:/a:redhat:storage:3.1:nagios:el7", "package": "nagios-0:3.5.1-9.el7", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2017-02-07T00:00:00Z"}], "bugzilla": {"description": "nagios: Command injection via curl in MagpieRSS", "id": "1405363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405363"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.", "It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system."], "mitigation": {"lang": "en:us", "value": "#!/bin/bash\nmv /usr/share/nagios/html/includes/rss /usr/share/nagios/html/includes/rss.disarmed\nmv /usr/share/nagios/html/rss-corefeed.php /usr/share/nagios/html/rss-corefeed.php.disarmed\nmv /usr/share/nagios/html/rss-newsfeed.php /usr/share/nagios/html/rss-newsfeed.php.disarmed\nThis should disable rss from nagios installation and stop affected php code from being executed. Only downside to this would be news widget wont fetch any data from nagios.org rss feeds."}, "name": "CVE-2016-9565", "package_state": [{"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "nagios", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Not affected", "package_name": "nagios", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "nagios", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2016-12-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9565\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9565\nhttps://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"], "threat_severity": "Important"}