Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2011-2477
Last Modified 06 Sep 2011 11:17:29
Published 14 Jun 2011 01:55:06
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-2477

Summary

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.

Vulnerable Systems

Application

  • Icinga 0.8.0

  • Icinga 0.8.1

  • Icinga 0.8.2

  • Icinga 0.8.3

  • Icinga 0.8.4

  • Icinga 1.0

  • Icinga 1.0.1

  • Icinga 1.0.2

  • Icinga 1.0.3

  • Icinga 1.2.0

  • Icinga 1.2.1

  • Icinga 1.3.0

  • Icinga 1.3.1

  • Icinga 1.4.0


References

CONFIRM - https://dev.icinga.org/issues/1605

XF - icinga-config-xss(68056)


Last Updated: 27 May 2016 10:57:02