CyberSec.Space Logo
Back to CVE Browser

CVE-2008-7313

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile35.37th
PublishedMar 31, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

Affected Platforms (CPE)

πŸ“¦
Snoopy

Snoopy

All versions
πŸ“¦
Redhat

Openstack

= 5.0
πŸ“¦
Redhat

Openstack

= 6.0
πŸ“¦
Nagios

Nagios

<= 4.2.3

References & Advisories

πŸ”— http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
πŸ”— http://www.openwall.com/lists/oss-security/2014/07/09/11
πŸ”— http://www.openwall.com/lists/oss-security/2014/07/16/10
πŸ”— http://www.openwall.com/lists/oss-security/2014/07/18/2
πŸ”— http://www.securityfocus.com/bid/68776
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1121497
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/94737
πŸ”— https://rhn.redhat.com/errata/RHSA-2017-0211.html

Related Vulnerabilities

CVE-2008-479610.0

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) m...

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL

CVE-2014-50089.8

Snoopy allows remote attackers to execute arbitrary commands.