CVE-2016-7067
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-7067
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7067.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-7067
- Downstream
- Related
- Published
- 2018-09-10T14:29:00Z
- Modified
- 2025-10-07T23:01:34.487860Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
- References
Affected packages
Git / bitbucket.org/tildeslash/monit
Affected ranges
- Type
- GIT
- Repo
- https://bitbucket.org/tildeslash/monit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedc6ec3820e627f85417053e6336de2987f2d863e3
Affected versions
Other
release-5-10-0
release-5-11-0
release-5-12-0
release-5-12-1
release-5-12-2
release-5-13-0
release-5-14-0
release-5-15-0
release-5-16-0
release-5-17-0
release-5-17-1
release-5-18-0
release-5-19-0
release-5-7
release-5-8
release-5-8-1
release-5-8-2
release-5-9-0
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47834363627432994394941712149580670725",
"277182655633106548696083805084788527293",
"267712633928111273252454396106096828253",
"166491238708241429445549474639192159897",
"254482767731966755878036000391118356764",
"137638344717428258947694333945909838333",
"3834001138109409576880320361303009140",
"169153973667987671489518486790331283771",
"65569343590384356120582544637014006465"
]
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.h"
},
"signature_type": "Line",
"id": "CVE-2016-7067-0ab8f8fe"
},
{
"signature_version": "v1",
"digest": {
"length": 955.0,
"function_hash": "134711813964087333612613483757610413641"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/cervlet.c",
"function": "doGet"
},
"signature_type": "Function",
"id": "CVE-2016-7067-0e47f2aa"
},
{
"signature_version": "v1",
"digest": {
"length": 546.0,
"function_hash": "224498831134872761174278931363828989988"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.c",
"function": "set_header"
},
"signature_type": "Function",
"id": "CVE-2016-7067-1978345e"
},
{
"signature_version": "v1",
"digest": {
"length": 102.0,
"function_hash": "2193552663784285707073098000075196915"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.c",
"function": "set_content_type"
},
"signature_type": "Function",
"id": "CVE-2016-7067-20b33644"
},
{
"signature_version": "v1",
"digest": {
"length": 494.0,
"function_hash": "218312539700364547470518769373272913397"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/cervlet.c",
"function": "doPost"
},
"signature_type": "Function",
"id": "CVE-2016-7067-4150d27d"
},
{
"signature_version": "v1",
"digest": {
"length": 1438.0,
"function_hash": "67432104667473644500770491842674951202"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/cervlet.c",
"function": "print_buttons"
},
"signature_type": "Function",
"id": "CVE-2016-7067-4caec8aa"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"34741484029879535909098441783033831147",
"119388722997659626506768261954566050687",
"98477516296315348659985498718143903427",
"67541156869833349553834196878915214862",
"329392448566353066077062937600154900055",
"13803009026484832924813952956713605202",
"326456173665104066167743658119245083529",
"192452604587365605351765466904168844925",
"243155332089599953876102764426062123122",
"154671161637610719796684970251786412729",
"47628070387897194416719079919500214284",
"96328699687579848377681132835188758059",
"131841806574992453901447998090645006210",
"168538741794593750680379869595009750618",
"53112359813046879972959861131536726642",
"195180449654011067479993181158909406771",
"149125067427432166114731823771502060157",
"25139420196760754136688564329771586749",
"154379445011440827701449275404781938702",
"178192762658042063962866323166030950341",
"257319105385346250369386728681468357312"
]
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/util.c"
},
"signature_type": "Line",
"id": "CVE-2016-7067-5579a49b"
},
{
"signature_version": "v1",
"digest": {
"length": 671.0,
"function_hash": "290327457434627181883412454188722140534"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/cervlet.c",
"function": "handle_run"
},
"signature_type": "Function",
"id": "CVE-2016-7067-67a96324"
},
{
"signature_version": "v1",
"digest": {
"length": 287.0,
"function_hash": "297131000078401106066834327154529971125"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.c",
"function": "create_HttpResponse"
},
"signature_type": "Function",
"id": "CVE-2016-7067-92bb1612"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"154615118734743522721765332355388582647",
"220345053576515515213215742790291761822",
"301266559315011595922958977880004885576",
"262332018435484366649149027757226544740",
"178093153625772749724343887608230106143",
"340155178931562487599195748249320726224",
"323228411695593508911298061530192486454",
"106568957568594115796483434650454496414",
"117064352088575110249597110305182745120",
"149379221063028874369352694635487988129",
"39626304588473039431198855942736161626",
"244611928130839113793537461102638465209",
"206998193159425947262324140003333326314",
"297481537930070006949881437883945507323",
"211953881856012354726136590375446615502",
"172686431575459839959911832010590796457",
"245008622538298087487586404131745715785",
"162119746107139843397092219124718537695",
"18995998734739085977420151546453402230",
"63357355073547043024499788336627475534",
"282389881434882697109065587383400345743",
"240522512309630831697827857464120036961",
"63023319149774050960125992398873200987",
"66898391509629508073844770580108520255"
]
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.c"
},
"signature_type": "Line",
"id": "CVE-2016-7067-9787f5e7"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"29641121641434054656812538303133310699",
"40996351741408920994671436135303411256",
"293381507493638849953535976100408494315",
"276572349677948255959744397521023347899",
"306353894899870117992365831519238624367",
"118137976420436594641242815662264365932",
"184470520204698688460219508969879255878",
"302447085149193798432786919558642520272"
]
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/client.c"
},
"signature_type": "Line",
"id": "CVE-2016-7067-9f51475a"
},
{
"signature_version": "v1",
"digest": {
"length": 587.0,
"function_hash": "31330385125016570855670532852750168601"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.c",
"function": "do_service"
},
"signature_type": "Function",
"id": "CVE-2016-7067-a95064d2"
},
{
"signature_version": "v1",
"digest": {
"length": 580.0,
"function_hash": "129927301669698988768343420654156714543"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/client.c",
"function": "_send"
},
"signature_type": "Function",
"id": "CVE-2016-7067-b8651be3"
},
{
"signature_version": "v1",
"digest": {
"length": 1284.0,
"function_hash": "299944769951155789542863281632704152111"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/util.c",
"function": "Util_monitId"
},
"signature_type": "Function",
"id": "CVE-2016-7067-c3984d95"
},
{
"signature_version": "v1",
"digest": {
"length": 10126.0,
"function_hash": "284279249881230539760911337580676659449"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/cervlet.c",
"function": "do_runtime"
},
"signature_type": "Function",
"id": "CVE-2016-7067-d6dead0d"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"192933029002802026759115472188189409537",
"57119944787294146809770063554548556000",
"184244492502897273008936366950214885901",
"71561382352761807732242019979659010581",
"57970794420734942627629825204012626173",
"325675511313475066372707079255285544198",
"7470974416244627505918105207892680369",
"298387060960080071632328725765451071424",
"188017275975760763470140827223021930844",
"280598067898404620697156612596148400289",
"293854717807141091885561669949990026624",
"48271513497778430561112010520361418074",
"184258391170646874971446070544179439835",
"183060476370320334827589971963729885881",
"337373596280838695213087061130694102989",
"34088967627481649654640399743505254936",
"251567782791454303299988142019444953737",
"297220391155066134708562233705887173384",
"330650175060918805936376540035541508543",
"327089547061529602912496623339580817988",
"208352533155414700310198605002547870431",
"121666693444415738019097156970701573284",
"245968235675874348960377281273073720359",
"46666542663439679784830907537043008154",
"24739128120874739564177904980331338296",
"115946399545455698224195377028075344755",
"41152079452442446463729238085611723676",
"291930545740427654551627517864067194882",
"55881573275099685103929689647317039242",
"278557913955656237580524132622264389831",
"157238448543576160856451861064305031944",
"118040855134784118555403056748804694247",
"278319032460847001690515474078273385071",
"298321598096609170613989470564078215076",
"44224632565139072832151402666998012033",
"248667261963340829928281262382169615027",
"92156066465715789246654643649261516338",
"53386819575993321653565239021563160103",
"198493354777818298665619832826628590331",
"121274515384479072108665289265254953291",
"198357679119122642721833485087251238614",
"200313843492897072888694879779021327067",
"323127542956437825545922895350401105286",
"144651370621037422856179549107940006759",
"178970202469160477752764302415027218787",
"106488038791984674552069546584849591200",
"139052701068094638881397876725589851051",
"173196084658469037078650886764484488221",
"299263883488760819433395987160210905219",
"205015725612214707400602543845421625640",
"176329901939923168083889898525568702611",
"35276912722325596291011548430779170199",
"187494545831099907145870104187590586691",
"98046207367774236205871284428192011491",
"169258533717786751695017441177805282122",
"269218280582617182229942007249173684714",
"28960244463004708317731775856821535444",
"291466320774568720624421551722446009532",
"126278133935098052276452953786616088667",
"239879031297804133311871410120940283094",
"207425801169173696205641208734063688379",
"242325908814789011852842603914527230163",
"45076205223204334069014061432090617379",
"281847383450186908248495565930038293601",
"51850753848748337258432804184611522276",
"86626568737997636771437714665072757520",
"150572904180318854545889331525888382756",
"148505535652156452970795688795017378082",
"198891920007683568277387508256526308042",
"167629566154365176198467034735730779555",
"71839321509334667278063051393481988617",
"269774226431843843554000624420268614391",
"4359759195511181666354690369726506296",
"122796515624502953017931999583115359846",
"197676459482328128950717758151111539543",
"211327385688779847049689216466315478565",
"16189862854148624572273103966356786384",
"22358858292042916630741358310063774229",
"59824578872975258625628908334621576065",
"294481859260449480380419509632254250670",
"255622802440748912621598131880093890011",
"164185628407373483352376248805048738909",
"233574771153379530945558888282028096270",
"32160321551796275866909706198566404174",
"103802736809145915824244885774261211577",
"157886340929468637190628046328030446907",
"147313733673299364293854915313371038232",
"289016142513066912641765524773761382377",
"38688439132218291842806072054289925438",
"127079339880931777706716158138573251519",
"85891403873673934233952291232403300004",
"154603521004192499156899979342481566831",
"292095449205077979518266994149275433578",
"64937671874973873679607869228410208338",
"26029652817922412807658309217927959012",
"301547473006814970233801576080437380048"
]
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/cervlet.c"
},
"signature_type": "Line",
"id": "CVE-2016-7067-dab0535f"
},
{
"signature_version": "v1",
"digest": {
"length": 449.0,
"function_hash": "290069345590759690349399721844754085991"
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/http/processor.c",
"function": "is_authenticated"
},
"signature_type": "Function",
"id": "CVE-2016-7067-e724299c"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"143217641277221694670564938475714589506",
"176146559991170064533739561791110247802",
"278725105102398576238030624763330045820",
"300006789898599360170788847792009136020",
"137308201285406409620641608295002854064",
"61246022059150286931444770002643056270"
]
},
"source": "https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3",
"deprecated": false,
"target": {
"file": "src/util.h"
},
"signature_type": "Line",
"id": "CVE-2016-7067-f2a88805"
}
]
}