CVE-2006-2489
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.1%
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nagios | nagios | 1.0 | cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:* |
| nagios | nagios | 1.0b1 | cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:* |
| nagios | nagios | 1.0b2 | cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:* |
| nagios | nagios | 1.0b3 | cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:* |
| nagios | nagios | 1.0b4 | cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:* |
| nagios | nagios | 1.0b5 | cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:* |
| nagios | nagios | 1.0b6 | cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:* |
| nagios | nagios | 1.1 | cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:* |
| nagios | nagios | 1.2 | cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:* |
| nagios | nagios | 1.3 | cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:* |
References
secunia.com/advisories/20123
secunia.com/advisories/20247
secunia.com/advisories/20313
www.debian.org/security/2006/dsa-1072
www.gentoo.org/security/en/glsa/glsa-200605-07.xml
www.nagios.org/development/changelog.php
www.securityfocus.com/bid/18059
www.vupen.com/english/advisories/2006/1822
exchange.xforce.ibmcloud.com/vulnerabilities/26454
usn.ubuntu.com/287-1/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.1%