Your submission was sent successfully! Close

CVE-2016-9565

Published: 15 December 2016

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
nagios3
Launchpad, Ubuntu, Debian
Upstream
Released (3.5.1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.5.1-1ubuntu1])