Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2011-2179
Last Modified: 21 Nov 2011 10:56:53
Published: 14 Jun 2011 01:55:06
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-2179

Summary

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

Vulnerable Systems

Application

  • Icinga 0.8.0

  • Icinga 0.8.1

  • Icinga 0.8.2

  • Icinga 0.8.3

  • Icinga 0.8.4

  • Icinga 1.0

  • Icinga 1.0.1

  • Icinga 1.0.2

  • Icinga 1.0.3

  • Icinga 1.2.0

  • Icinga 1.2.1

  • Icinga 1.3.0

  • Icinga 1.3.1

  • Icinga 1.4.0

  • Nagios 3.2.3


References

CONFIRM - https://dev.icinga.org/issues/1605

MISC - http://www.rul3z.de/advisories/SSCHADV2011-006.txt

MISC - http://www.rul3z.de/advisories/SSCHADV2011-005.txt

CONFIRM - http://tracker.nagios.org/view.php?id=224

BUGTRAQ - 20110601 Cross-Site Scripting vulnerability in Nagios

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=709871

XF - icinga-expand-xss(67797)

UBUNTU - USN-1151-1

BID - 48087

MLIST - [oss-security] 20110602 Re: CVE request: XSS in nagios

MLIST - [oss-security] 20110601 CVE request: XSS in nagios

SREASON - 8274

SECUNIA - 44974

BUGTRAQ - 20110601 Cross-Site Scripting vulnerability in Icinga


Last Updated: 27 May 2016 10:56:57