CVE-2007-5198

Current Description

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

Basic Data

PublishedOctober 04, 2007
Last ModifiedMarch 08, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationNagiosPlugins********1.4.9

Vulnerable Software List

VendorProductVersions
Nagios Plugins *

References

NameSourceURLTags
http://bugs.gentoo.org/show_bug.cgi?id=194178http://bugs.gentoo.org/show_bug.cgi?id=194178CONFIRM
27124http://secunia.com/advisories/27124SECUNIA
27362http://secunia.com/advisories/27362SECUNIA
27609http://secunia.com/advisories/27609SECUNIA
27965http://secunia.com/advisories/27965SECUNIA
28930http://secunia.com/advisories/28930SECUNIA
29862http://secunia.com/advisories/29862SECUNIA
GLSA-200711-11http://security.gentoo.org/glsa/glsa-200711-11.xmlGENTOO
http://sourceforge.net/forum/forum.php?forum_id=740172http://sourceforge.net/forum/forum.php?forum_id=740172CONFIRM
http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597CONFIRMExploit
http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597CONFIRM
DSA-1495http://www.debian.org/security/2008/dsa-1495DEBIAN
MDVSA-2008:067http://www.mandriva.com/security/advisories?name=MDVSA-2008:067MANDRIVA
SUSE-SR:2007:025http://www.novell.com/linux/security/advisories/2007_25_sr.htmlSUSE
25952http://www.securityfocus.com/bid/25952BID
USN-532-1http://www.ubuntu.com/usn/usn-532-1UBUNTU
ADV-2007-3394http://www.vupen.com/english/advisories/2007/3394VUPEN
FEDORA-2008-3061https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00249.htmlFEDORA
FEDORA-2008-3098https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00282.htmlFEDORA
FEDORA-2008-3146https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00320.htmlFEDORA