CVE-2011-2179
Published: 7 June 2011
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Notes
| Author | Note |
|---|---|
| mdeslaur | feature was introduced in nagios 3.2.2, icinga 1.3.1 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
icinga Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(1.10.3-1)
|
|
| cosmic |
Not vulnerable
(1.10.3-1)
|
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.10.3-1])
|
|
| upstream |
Released
(1.4.1-1)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(1.10.3-1)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
|
Patches: upstream: https://git.icinga.org/?p=icinga-core.git;a=commit;h=cd5042266227d65e09f27036f65d2edb8295c0e7 |
||
|
nagios2 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| hardy |
Not vulnerable
(code not present)
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
nagios3 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(3.2.3-3)
|
| bionic |
Not vulnerable
(3.2.3-3)
|
|
| cosmic |
Does not exist
|
|
| hardy |
Does not exist
|
|
| lucid |
Not vulnerable
(code not present)
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Released
(3.2.3-1ubuntu1.2)
|
|
| oneiric |
Not vulnerable
(3.2.3-3)
|
|
| precise |
Not vulnerable
(3.2.3-3)
|
|
| quantal |
Not vulnerable
(3.2.3-3)
|
|
| raring |
Not vulnerable
(3.2.3-3)
|
|
| saucy |
Not vulnerable
(3.2.3-3)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.2.3-3])
|
|
| upstream |
Released
(3.2.3-3)
|
|
| utopic |
Not vulnerable
(3.2.3-3)
|
|
| vivid |
Not vulnerable
(3.2.3-3)
|
|
| wily |
Not vulnerable
(3.2.3-3)
|
|
| xenial |
Not vulnerable
(3.2.3-3)
|
|
| yakkety |
Not vulnerable
(3.2.3-3)
|
|
| zesty |
Not vulnerable
(3.2.3-3)
|
|
|
Patches: fork: https://git.icinga.org/?p=icinga-core.git;a=commit;h=cd5042266227d65e09f27036f65d2edb8295c0e7 |
||