CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
90.6%
Issue Overview:
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Affected Packages:
nagios
Issue Correction:
Run yum update nagios to update your system.
New Packages:
i686:
nagios-debuginfo-3.3.1-3.4.amzn1.i686
nagios-3.3.1-3.4.amzn1.i686
nagios-devel-3.3.1-3.4.amzn1.i686
nagios-common-3.3.1-3.4.amzn1.i686
src:
nagios-3.3.1-3.4.amzn1.src
x86_64:
nagios-common-3.3.1-3.4.amzn1.x86_64
nagios-devel-3.3.1-3.4.amzn1.x86_64
nagios-3.3.1-3.4.amzn1.x86_64
nagios-debuginfo-3.3.1-3.4.amzn1.x86_64
Red Hat: CVE-2011-2179
Mitre: CVE-2011-2179
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | nagios-debuginfo | < 3.3.1-3.4.amzn1 | nagios-debuginfo-3.3.1-3.4.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nagios | < 3.3.1-3.4.amzn1 | nagios-3.3.1-3.4.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nagios-devel | < 3.3.1-3.4.amzn1 | nagios-devel-3.3.1-3.4.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | nagios-common | < 3.3.1-3.4.amzn1 | nagios-common-3.3.1-3.4.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | nagios-common | < 3.3.1-3.4.amzn1 | nagios-common-3.3.1-3.4.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nagios-devel | < 3.3.1-3.4.amzn1 | nagios-devel-3.3.1-3.4.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nagios | < 3.3.1-3.4.amzn1 | nagios-3.3.1-3.4.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | nagios-debuginfo | < 3.3.1-3.4.amzn1 | nagios-debuginfo-3.3.1-3.4.amzn1.x86_64.rpm |