{"id":"CVE-2016-7067","details":"Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.","modified":"2026-05-18T09:59:33.370333Z","published":"2018-09-10T14:29:00.520Z","related":["openSUSE-SU-2024:10275-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93953"},{"type":"ADVISORY","url":"https://seclists.org/oss-sec/2016/q4/267"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067"},{"type":"EVIDENCE","url":"https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://bitbucket.org/tildeslash/monit","events":[{"introduced":"0"},{"fixed":"a92ea722bbe5fcd984f64b6bb8c318186cac3ea1"},{"fixed":"c6ec3820e627f85417053e6336de2987f2d863e3"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"5.20.0"}],"cpe":"cpe:2.3:a:mmonit:monit:*:*:*:*:*:*:*:*"}}],"versions":["release-5-19-0","release-5-18-0","release-5-17-1","release-5-17-0","release-5-16-0","release-5-15-0","release-5-14-0","release-5-13-0","release-5-12-2","release-5-12-1","release-5-12-0","release-5-11-0","release-5-8-1","release-5-8","release-5-7"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","id":"CVE-2016-7067-0ab8f8fe","deprecated":false,"target":{"file":"src/http/processor.h"},"signature_type":"Line","digest":{"line_hashes":["47834363627432994394941712149580670725","277182655633106548696083805084788527293","267712633928111273252454396106096828253","166491238708241429445549474639192159897","254482767731966755878036000391118356764","137638344717428258947694333945909838333","3834001138109409576880320361303009140","169153973667987671489518486790331283771","65569343590384356120582544637014006465"],"threshold":0.9},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-0e47f2aa","deprecated":false,"target":{"function":"doGet","file":"src/http/cervlet.c"},"signature_type":"Function","digest":{"function_hash":"134711813964087333612613483757610413641","length":955},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-1978345e","deprecated":false,"target":{"function":"set_header","file":"src/http/processor.c"},"signature_type":"Function","digest":{"function_hash":"224498831134872761174278931363828989988","length":546},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-20b33644","deprecated":false,"target":{"function":"set_content_type","file":"src/http/processor.c"},"signature_type":"Function","digest":{"function_hash":"2193552663784285707073098000075196915","length":102},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-4150d27d","deprecated":false,"target":{"function":"doPost","file":"src/http/cervlet.c"},"signature_type":"Function","digest":{"function_hash":"218312539700364547470518769373272913397","length":494},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-4caec8aa","deprecated":false,"target":{"function":"print_buttons","file":"src/http/cervlet.c"},"signature_type":"Function","digest":{"function_hash":"67432104667473644500770491842674951202","length":1438},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-5579a49b","deprecated":false,"target":{"file":"src/util.c"},"signature_type":"Line","digest":{"line_hashes":["34741484029879535909098441783033831147","119388722997659626506768261954566050687","98477516296315348659985498718143903427","67541156869833349553834196878915214862","329392448566353066077062937600154900055","13803009026484832924813952956713605202","326456173665104066167743658119245083529","192452604587365605351765466904168844925","243155332089599953876102764426062123122","154671161637610719796684970251786412729","47628070387897194416719079919500214284","96328699687579848377681132835188758059","131841806574992453901447998090645006210","168538741794593750680379869595009750618","53112359813046879972959861131536726642","195180449654011067479993181158909406771","149125067427432166114731823771502060157","25139420196760754136688564329771586749","154379445011440827701449275404781938702","178192762658042063962866323166030950341","257319105385346250369386728681468357312"],"threshold":0.9},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-67a96324","deprecated":false,"target":{"function":"handle_run","file":"src/http/cervlet.c"},"signature_type":"Function","digest":{"function_hash":"290327457434627181883412454188722140534","length":671},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-92bb1612","deprecated":false,"target":{"function":"create_HttpResponse","file":"src/http/processor.c"},"signature_type":"Function","digest":{"function_hash":"297131000078401106066834327154529971125","length":287},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-9787f5e7","deprecated":false,"target":{"file":"src/http/processor.c"},"signature_type":"Line","digest":{"line_hashes":["154615118734743522721765332355388582647","220345053576515515213215742790291761822","301266559315011595922958977880004885576","262332018435484366649149027757226544740","178093153625772749724343887608230106143","340155178931562487599195748249320726224","323228411695593508911298061530192486454","106568957568594115796483434650454496414","117064352088575110249597110305182745120","149379221063028874369352694635487988129","39626304588473039431198855942736161626","244611928130839113793537461102638465209","206998193159425947262324140003333326314","297481537930070006949881437883945507323","211953881856012354726136590375446615502","172686431575459839959911832010590796457","245008622538298087487586404131745715785","162119746107139843397092219124718537695","18995998734739085977420151546453402230","63357355073547043024499788336627475534","282389881434882697109065587383400345743","240522512309630831697827857464120036961","63023319149774050960125992398873200987","66898391509629508073844770580108520255"],"threshold":0.9},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-9f51475a","deprecated":false,"target":{"file":"src/http/client.c"},"signature_type":"Line","digest":{"line_hashes":["29641121641434054656812538303133310699","40996351741408920994671436135303411256","293381507493638849953535976100408494315","276572349677948255959744397521023347899","306353894899870117992365831519238624367","118137976420436594641242815662264365932","184470520204698688460219508969879255878","302447085149193798432786919558642520272"],"threshold":0.9},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-a95064d2","deprecated":false,"target":{"function":"do_service","file":"src/http/processor.c"},"signature_type":"Function","digest":{"function_hash":"31330385125016570855670532852750168601","length":587},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-b8651be3","deprecated":false,"target":{"function":"_send","file":"src/http/client.c"},"signature_type":"Function","digest":{"function_hash":"129927301669698988768343420654156714543","length":580},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-c3984d95","deprecated":false,"target":{"function":"Util_monitId","file":"src/util.c"},"signature_type":"Function","digest":{"function_hash":"299944769951155789542863281632704152111","length":1284},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-d6dead0d","deprecated":false,"target":{"function":"do_runtime","file":"src/http/cervlet.c"},"signature_type":"Function","digest":{"function_hash":"284279249881230539760911337580676659449","length":10126},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-dab0535f","deprecated":false,"target":{"file":"src/http/cervlet.c"},"signature_type":"Line","digest":{"line_hashes":["192933029002802026759115472188189409537","57119944787294146809770063554548556000","184244492502897273008936366950214885901","71561382352761807732242019979659010581","57970794420734942627629825204012626173","325675511313475066372707079255285544198","7470974416244627505918105207892680369","298387060960080071632328725765451071424","188017275975760763470140827223021930844","280598067898404620697156612596148400289","293854717807141091885561669949990026624","48271513497778430561112010520361418074","184258391170646874971446070544179439835","183060476370320334827589971963729885881","337373596280838695213087061130694102989","34088967627481649654640399743505254936","251567782791454303299988142019444953737","297220391155066134708562233705887173384","330650175060918805936376540035541508543","327089547061529602912496623339580817988","208352533155414700310198605002547870431","121666693444415738019097156970701573284","245968235675874348960377281273073720359","46666542663439679784830907537043008154","24739128120874739564177904980331338296","115946399545455698224195377028075344755","41152079452442446463729238085611723676","291930545740427654551627517864067194882","55881573275099685103929689647317039242","278557913955656237580524132622264389831","157238448543576160856451861064305031944","118040855134784118555403056748804694247","278319032460847001690515474078273385071","298321598096609170613989470564078215076","44224632565139072832151402666998012033","248667261963340829928281262382169615027","92156066465715789246654643649261516338","53386819575993321653565239021563160103","198493354777818298665619832826628590331","121274515384479072108665289265254953291","198357679119122642721833485087251238614","200313843492897072888694879779021327067","323127542956437825545922895350401105286","144651370621037422856179549107940006759","178970202469160477752764302415027218787","106488038791984674552069546584849591200","139052701068094638881397876725589851051","173196084658469037078650886764484488221","299263883488760819433395987160210905219","205015725612214707400602543845421625640","176329901939923168083889898525568702611","35276912722325596291011548430779170199","187494545831099907145870104187590586691","98046207367774236205871284428192011491","169258533717786751695017441177805282122","269218280582617182229942007249173684714","28960244463004708317731775856821535444","291466320774568720624421551722446009532","126278133935098052276452953786616088667","239879031297804133311871410120940283094","207425801169173696205641208734063688379","242325908814789011852842603914527230163","45076205223204334069014061432090617379","281847383450186908248495565930038293601","51850753848748337258432804184611522276","86626568737997636771437714665072757520","150572904180318854545889331525888382756","148505535652156452970795688795017378082","198891920007683568277387508256526308042","167629566154365176198467034735730779555","71839321509334667278063051393481988617","269774226431843843554000624420268614391","4359759195511181666354690369726506296","122796515624502953017931999583115359846","197676459482328128950717758151111539543","211327385688779847049689216466315478565","16189862854148624572273103966356786384","22358858292042916630741358310063774229","59824578872975258625628908334621576065","294481859260449480380419509632254250670","255622802440748912621598131880093890011","164185628407373483352376248805048738909","233574771153379530945558888282028096270","32160321551796275866909706198566404174","103802736809145915824244885774261211577","157886340929468637190628046328030446907","147313733673299364293854915313371038232","289016142513066912641765524773761382377","38688439132218291842806072054289925438","127079339880931777706716158138573251519","85891403873673934233952291232403300004","154603521004192499156899979342481566831","292095449205077979518266994149275433578","64937671874973873679607869228410208338","26029652817922412807658309217927959012","301547473006814970233801576080437380048"],"threshold":0.9},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-e724299c","deprecated":false,"target":{"function":"is_authenticated","file":"src/http/processor.c"},"signature_type":"Function","digest":{"function_hash":"290069345590759690349399721844754085991","length":449},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"},{"signature_version":"v1","id":"CVE-2016-7067-f2a88805","deprecated":false,"target":{"file":"src/util.h"},"signature_type":"Line","digest":{"line_hashes":["143217641277221694670564938475714589506","176146559991170064533739561791110247802","278725105102398576238030624763330045820","300006789898599360170788847792009136020","137308201285406409620641608295002854064","61246022059150286931444770002643056270"],"threshold":0.9},"source":"https://bitbucket.org/tildeslash/monit@c6ec3820e627f85417053e6336de2987f2d863e3"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7067.json","vanir_signatures_modified":"2026-05-18T09:59:33Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}