CVE-2013-7108
published 2014-01-15

Priority: P348, medium, 5.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
EXPLOIT
EPSS: 59.55% (99.0th percentile)

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Affected

55 ranges · showing 25
Vendor | Product | Version range | Fixed in
icinga | icinga | <= 1.8.4 |

Detection & IOCs (extracted from sources)

url: http://www.example.com/cgi-bin/config.cgi?b=aaaa[..2000 times]
  • Attack targets Nagios/Icinga CGI endpoints (avail.cgi, cmd.cgi, config.cgi, extinfo.cgi, histogram.cgi, notifications.cgi, outages.cgi, status.cgi, statusmap.cgi, summary.cgi, trends.cgi) via an abnormally long string value in the last key-value pair of the CGI query string, triggering a heap-based buffer over-read in process_cgivars()
  • Monitor HTTP requests to Nagios/Icinga CGI scripts where a query-string parameter value is excessively long (e.g., ~2000+ characters), particularly when it is the last key=value pair in the request
  • Exploitation requires the attacker to be a remote authenticated user; unauthenticated access alone is insufficient to trigger the vulnerability
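
The monitoring guidance above, as an added detection sketch (not code from the source advisories or from Nagios/Icinga): it scans web-server access logs for over-long query values sent to the eleven affected CGIs and records whether the value sits in the last key=value pair. The Apache combined log format, the 2000-character threshold, the function name and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit

# CGI programs listed in the CVE-2013-7108 description.
AFFECTED_CGIS = {
    "avail.cgi", "cmd.cgi", "config.cgi", "extinfo.cgi", "histogram.cgi",
    "notifications.cgi", "outages.cgi", "status.cgi", "statusmap.cgi",
    "summary.cgi", "trends.cgi",
}
MAX_VALUE_LEN = 2000  # assumed alert threshold, from the page's "~2000+"; tune per site

# Assumed Apache combined log format: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')


def find_long_cgi_values(lines, max_len=MAX_VALUE_LEN):
    """Return one finding per over-long query value sent to an affected CGI."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, user, target, status = m.groups()
        url = urlsplit(target)
        cgi = url.path.rsplit("/", 1)[-1]
        if cgi not in AFFECTED_CGIS or not url.query:
            continue
        pairs = url.query.split("&")
        for i, pair in enumerate(pairs):
            key, _, value = pair.partition("=")
            # Raw (still percent-encoded) length; never shorter than the decoded value.
            if len(value) >= max_len:
                findings.append({"client": client, "user": user, "cgi": cgi, "status": int(status),
                                 "param": key, "length": len(value), "last_pair": i == len(pairs) - 1})
    return findings


# Constructed sample log lines (not captured traffic).
_TS = "[15/Jan/2014:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - nagiosadmin {_TS} "GET /cgi-bin/status.cgi?host=all&style=detail HTTP/1.1" 200 5120',
    f'192.0.2.44 - jdoe {_TS} "GET /cgi-bin/config.cgi?b={"a" * 2000} HTTP/1.1" 500 0',
    f'192.0.2.44 - jdoe {_TS} "GET /cgi-bin/extinfo.cgi?host={"a" * 2100}&type=1 HTTP/1.1" 200 900',
    f'192.0.2.77 - - {_TS} "GET /cgi-bin/other.cgi?q={"a" * 3000} HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_long_cgi_values(SAMPLE_LOG):
        print(finding)
```

Findings with `last_pair` set match the pattern in the description most closely; the `user` field shows which authenticated account sent the request. Values sent in POST bodies do not appear in access logs and need inspection at a proxy or WAF instead.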

CVSS provenance

nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P
osv | 5.5 | MEDIUM
vendor_redhat | 5.5 | MEDIUM
vendor_ubuntu | 5.5 | MEDIUM