CVE-2011-2179
Published: 7 June 2011
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Notes
| Author | Note |
|---|---|
| mdeslaur | feature was introduced in nagios 3.2.2, icinga 1.3.1 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
icinga Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
(1.10.3-1)
|
|
| cosmic |
Not vulnerable
(1.10.3-1)
|
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Ignored
(reached end-of-life)
|
|
| precise |
Does not exist
(precise was needs-triage)
|
|
| quantal |
Ignored
(reached end-of-life)
|
|
| raring |
Ignored
(reached end-of-life)
|
|
| saucy |
Ignored
(reached end-of-life)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.10.3-1])
|
|
| upstream |
Released
(1.4.1-1)
|
|
| utopic |
Ignored
(reached end-of-life)
|
|
| vivid |
Ignored
(reached end-of-life)
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Not vulnerable
(1.10.3-1)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
|
|
Patches: upstream: https://git.icinga.org/?p=icinga-core.git;a=commit;h=cd5042266227d65e09f27036f65d2edb8295c0e7 |
||
|
nagios2 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| hardy |
Not vulnerable
(code not present)
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
nagios3 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(3.2.3-3)
|
| bionic |
Not vulnerable
(3.2.3-3)
|
|
| cosmic |
Does not exist
|
|
| hardy |
Does not exist
|
|
| lucid |
Not vulnerable
(code not present)
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Released
(3.2.3-1ubuntu1.2)
|
|
| oneiric |
Not vulnerable
(3.2.3-3)
|
|
| precise |
Does not exist
(precise was not-affected [3.2.3-3])
|
|
| quantal |
Not vulnerable
(3.2.3-3)
|
|
| raring |
Not vulnerable
(3.2.3-3)
|
|
| saucy |
Not vulnerable
(3.2.3-3)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.2.3-3])
|
|
| upstream |
Released
(3.2.3-3)
|
|
| utopic |
Not vulnerable
(3.2.3-3)
|
|
| vivid |
Not vulnerable
(3.2.3-3)
|
|
| wily |
Not vulnerable
(3.2.3-3)
|
|
| xenial |
Not vulnerable
(3.2.3-3)
|
|
| yakkety |
Not vulnerable
(3.2.3-3)
|
|
| zesty |
Not vulnerable
(3.2.3-3)
|
|
|
Patches: fork: https://git.icinga.org/?p=icinga-core.git;a=commit;h=cd5042266227d65e09f27036f65d2edb8295c0e7 |
||