Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability

Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability

An attacker can exploit the issue via a browser.

The following example URI is available:

https://www.example.com/nagios/cgi-bin/statuswml.cgi?ping=173.45.235.65%3Becho+%24PATH

The following commercial exploit is available for Immunity CANVAS:

https://www.immunityinc.com/downloads/immpartners/nagios_ping.tar.gz

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.