CVE-2011-2179

Published: Jun 14, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

Affected (16)

Products: Icinga: Icinga · Nagios: Nagios

1 product

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Icinga Icinga	Up to 1.4.0
Icinga Icinga	Version 0.8.0
Icinga Icinga	Version 0.8.1
Icinga Icinga	Version 0.8.2
Icinga Icinga	Version 0.8.3
Icinga Icinga	Version 0.8.4
Icinga Icinga	Version 1.0.1
Icinga Icinga	Version 1.0.2
Icinga Icinga	Version 1.0.3
Icinga Icinga	Version 1.0
Icinga Icinga	Version 1.0 rc1
Icinga Icinga	Version 1.2.0
Icinga Icinga	Version 1.2.1
Icinga Icinga	Version 1.3.0
Icinga Icinga	Version 1.3.1
Nagios Nagios	Version 3.2.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (28)

http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html

Source: secalert@redhat.com

ExploitPatch

http://secunia.com/advisories/44974

Source: secalert@redhat.com

http://securityreason.com/securityalert/8274

Source: secalert@redhat.com

http://tracker.nagios.org/view.php?id=224

Source: secalert@redhat.com

ExploitPatchVendor Advisory

http://www.openwall.com/lists/oss-security/2011/06/01/10

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/02/6

Source: secalert@redhat.com

http://www.rul3z.de/advisories/SSCHADV2011-005.txt

Source: secalert@redhat.com

ExploitPatch

http://www.rul3z.de/advisories/SSCHADV2011-006.txt

Source: secalert@redhat.com

ExploitPatch

http://www.securityfocus.com/bid/48087

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1151-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=709871

Source: secalert@redhat.com

https://dev.icinga.org/issues/1605

Source: secalert@redhat.com

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/67797

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://secunia.com/advisories/44974

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8274

Source: af854a3a-2127-422b-91ae-364da2661108

http://tracker.nagios.org/view.php?id=224

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.openwall.com/lists/oss-security/2011/06/01/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/02/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.rul3z.de/advisories/SSCHADV2011-005.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.rul3z.de/advisories/SSCHADV2011-006.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.securityfocus.com/bid/48087

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1151-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=709871

Source: af854a3a-2127-422b-91ae-364da2661108

https://dev.icinga.org/issues/1605

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/67797

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.