VDB
CVE-2009-2288
CVE-2009-2288
PUBLISHED
CVSS 7.5 HIGH
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
EPSS 93.26% · 99.8th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
93.26%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| nagios | nagios | 1.0, 1.0b1, 1.0b2 |
Timeline
- May 22, 2009 PoC Published
- Jul 1, 2009 CVE Published
- Oct 30, 2009 PoC Published
- Jul 14, 2010 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
References
- 35688 third-party-advisory
- GLSA-200907-15 vendor-advisory
- 35543 third-party-advisory
- 39227 third-party-advisory
- http://tracker.nagios.org/view.php?id=15 url
- http://www.nagios.org/development/history/core-3x/ url
- HPSBMA02513 vendor-advisory
- ADV-2010-0750 vdb
- 35692 third-party-advisory
- 1022503 vdb
- USN-795-1 vendor-advisory
- DSA-1825 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-2288 advisory
- http://www.nagios.org/development/history/core-3x url