{"id":"UBUNTU-CVE-2016-7067","details":"Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.","modified":"2025-09-08T16:43:50Z","published":"2018-09-10T14:29:00Z","upstream":["CVE-2016-7067"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7067"},{"type":"REPORT","url":"https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-7067"}],"affected":[{"package":{"name":"monit","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/monit@1:5.6-2ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.6-2ubuntu0.1"}]}],"versions":["1:5.5.1-1","1:5.6-1","1:5.6-2"],"ecosystem_specific":{"binaries":[{"binary_name":"monit","binary_version":"1:5.6-2ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7067.json"}},{"package":{"name":"monit","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/monit@1:5.16-2ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.16-2ubuntu0.1"}]}],"versions":["1:5.14-2","1:5.15-1","1:5.15-2","1:5.15-3","1:5.16-1","1:5.16-2"],"ecosystem_specific":{"binaries":[{"binary_name":"monit","binary_version":"1:5.16-2ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7067.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"type":"Ubuntu","score":"medium"}]}