XSS issues in Nagios CGI (CVE-2007-5803)
Bug #238516 reported by
Thierry Carrez
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nagios2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Thierry Carrez | ||
nagios3 (Debian) |
Fix Released
|
Unknown
|
|||
nagios3 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Feisty |
Invalid
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: nagios2
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
Note that this also affects nagios3 (before 3.0.2).
I'm working on a patch.
Related branches
CVE References
Changed in nagios3: | |
status: | Unknown → Fix Committed |
Changed in nagios3: | |
status: | Fix Committed → Fix Released |
Changed in nagios3: | |
status: | New → Invalid |
status: | New → Invalid |
status: | New → Invalid |
Changed in nagios2: | |
status: | New → Invalid |
status: | New → In Progress |
assignee: | nobody → tcarrez |
Changed in nagios2: | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
Here is a backport (XSS fixes only) from Nagios 2.12.
For Nagios 3.x (Intrepid) we should probably upgrade to 3.0.2.