Vulnerability Description
Monit before version 5.20.0 is vulnerable to a cross-site request forgery (CSRF) attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mmonit | Monit | < 5.20.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93953 (Third Party Advisory, VDB Entry)
- https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f (Exploit, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067 (Issue Tracking, Third Party Advisory)
- https://seclists.org/oss-sec/2016/q4/267 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2016-7067?
CVE-2016-7067 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enab...
How severe is CVE-2016-7067?
CVE-2016-7067 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-7067?
Check the references section above for vendor advisories and patch information. Affected products include: Mmonit Monit.