cvelistv5 - cve-2011-2179

CVE-2011-2179 (GCVE-0-2011-2179)

Vulnerability from cvelistv5 – Published: 2011-06-14 17:00 – Updated: 2024-08-06 22:53

Summary

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securityreason.com/securityalert/8274	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/48087	vdb-entryx_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=709871	x_refsource_CONFIRM
	http://tracker.nagios.org/view.php?id=224	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2011/0…	mailing-listx_refsource_MLIST
	http://www.rul3z.de/advisories/SSCHADV2011-006.txt	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2011/06/02/6	mailing-listx_refsource_MLIST
	https://dev.icinga.org/issues/1605	x_refsource_CONFIRM
	http://secunia.com/advisories/44974	third-party-advisoryx_refsource_SECUNIA
	http://www.rul3z.de/advisories/SSCHADV2011-005.txt	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-1151-1	vendor-advisoryx_refsource_UBUNTU
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110601 Cross-Site Scripting vulnerability in Nagios",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
          },
          {
            "name": "icinga-expand-xss(67797)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
          },
          {
            "name": "8274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8274"
          },
          {
            "name": "48087",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48087"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tracker.nagios.org/view.php?id=224"
          },
          {
            "name": "[oss-security] 20110601 CVE request: XSS in nagios",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
          },
          {
            "name": "[oss-security] 20110602 Re: CVE request: XSS in nagios",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://dev.icinga.org/issues/1605"
          },
          {
            "name": "44974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44974"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
          },
          {
            "name": "USN-1151-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1151-1"
          },
          {
            "name": "20110601 Cross-Site Scripting vulnerability in Icinga",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20110601 Cross-Site Scripting vulnerability in Nagios",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
        },
        {
          "name": "icinga-expand-xss(67797)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
        },
        {
          "name": "8274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8274"
        },
        {
          "name": "48087",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48087"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tracker.nagios.org/view.php?id=224"
        },
        {
          "name": "[oss-security] 20110601 CVE request: XSS in nagios",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
        },
        {
          "name": "[oss-security] 20110602 Re: CVE request: XSS in nagios",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://dev.icinga.org/issues/1605"
        },
        {
          "name": "44974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44974"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
        },
        {
          "name": "USN-1151-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1151-1"
        },
        {
          "name": "20110601 Cross-Site Scripting vulnerability in Icinga",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2179",
    "datePublished": "2011-06-14T17:00:00",
    "dateReserved": "2011-05-31T00:00:00",
    "dateUpdated": "2024-08-06T22:53:17.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4.0\", \"matchCriteriaId\": \"10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D65D942-0560-42B0-BAF8-D6B8C4237558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F87DFD18-B038-4E18-889A-FCADDC7E9C23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9B482D1-BB5D-41CC-A330-214F1EC9BD43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B65BD554-2D66-4237-8829-EC5CFD374E4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"51CBC3F4-EB90-462D-B840-71DB9E8E3667\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"719B37F6-4D3A-4922-B58D-536A775D42D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7890303A-21C3-47B8-86AF-1B07A01C9AE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CED3BF83-92C3-4324-BC6E-722309A8787B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5F7F451-E7AA-4C84-874D-7C7E5C162DEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5250AED-B86C-4415-A274-7DD9659F40D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6E333C3-C264-41C9-B358-97A3F62C649D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s del par\\u00e1metro expand, como se demuestra por (a) la acci\\u00f3n command o (b) una acci\\u00f3n hosts.\"}]",
      "id": "CVE-2011-2179",
      "lastModified": "2024-11-21T01:27:45.740",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-06-14T17:55:06.437",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://secunia.com/advisories/44974\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securityreason.com/securityalert/8274\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://tracker.nagios.org/view.php?id=224\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/06/01/10\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/06/02/6\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.rul3z.de/advisories/SSCHADV2011-005.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.rul3z.de/advisories/SSCHADV2011-006.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/48087\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1151-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=709871\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://dev.icinga.org/issues/1605\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67797\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://secunia.com/advisories/44974\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/8274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tracker.nagios.org/view.php?id=224\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/06/01/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2011/06/02/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.rul3z.de/advisories/SSCHADV2011-005.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.rul3z.de/advisories/SSCHADV2011-006.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/48087\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1151-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=709871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://dev.icinga.org/issues/1605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67797\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2179\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-06-14T17:55:06.437\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro expand, como se demuestra por (a) la acci\u00f3n command o (b) una acci\u00f3n hosts.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.0\",\"matchCriteriaId\":\"10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D65D942-0560-42B0-BAF8-D6B8C4237558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F87DFD18-B038-4E18-889A-FCADDC7E9C23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B482D1-BB5D-41CC-A330-214F1EC9BD43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B65BD554-2D66-4237-8829-EC5CFD374E4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"51CBC3F4-EB90-462D-B840-71DB9E8E3667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"719B37F6-4D3A-4922-B58D-536A775D42D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7890303A-21C3-47B8-86AF-1B07A01C9AE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED3BF83-92C3-4324-BC6E-722309A8787B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F7F451-E7AA-4C84-874D-7C7E5C162DEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5250AED-B86C-4415-A274-7DD9659F40D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6E333C3-C264-41C9-B358-97A3F62C649D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/44974\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/8274\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tracker.nagios.org/view.php?id=224\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/01/10\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/02/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.rul3z.de/advisories/SSCHADV2011-005.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.rul3z.de/advisories/SSCHADV2011-006.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/48087\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1151-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=709871\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://dev.icinga.org/issues/1605\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67797\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/44974\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tracker.nagios.org/view.php?id=224\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/01/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/02/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.rul3z.de/advisories/SSCHADV2011-005.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.rul3z.de/advisories/SSCHADV2011-006.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/48087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1151-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=709871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://dev.icinga.org/issues/1605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-414

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Nagios permettent de réaliser de l'injection de code indirecte (XSS).

Description

Plusieurs vulnérabilités sont présentes dans Nagios et permettent de réaliser de l'injection de code indirecte :

un des paramètres en entrée de config.cgi est insuffisament vérifié ;
un des paramètres en entrée de statusmap.cgi est insuffisament vérifié.

Solution

La version 3.3.1 de Nagios remédie à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Nagios, version 3.2.3 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Site de téléchargement de Nagios	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-1151-1 du 15 juin 2011 :	-	other
Bulletin de sécurité Novell CVE-2011-2179 du 25 juillet 2011 :	-	other
Bulletin de sécurité Novell CVE-2011-1523 du 25 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eNagios, version 3.2.3 et versions  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Nagios et permettent de\nr\u00e9aliser de l\u0027injection de code indirecte\u00a0:\n\n-   un des param\u00e8tres en entr\u00e9e de config.cgi est insuffisament\n    v\u00e9rifi\u00e9\u00a0;\n-   un des param\u00e8tres en entr\u00e9e de statusmap.cgi est insuffisament\n    v\u00e9rifi\u00e9.\n\n## Solution\n\nLa version 3.3.1 de Nagios rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2179"
    },
    {
      "name": "CVE-2011-1523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1523"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1151-1 du 15 juin 2011 :",
      "url": "http://www.ubuntu.com/usn/usn-1151-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Novell CVE-2011-2179 du 25 juillet    2011 :",
      "url": "http://support.novell.com/security/cve/CVE-2011-2179.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Novell CVE-2011-1523 du 25 juillet    2011 :",
      "url": "http://support.novell.com/security/cve/CVE-2011-1523.html"
    }
  ],
  "reference": "CERTA-2011-AVI-414",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Nagios permettent de r\u00e9aliser de\nl\u0027injection de code indirecte (XSS).\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Nagios",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Site de t\u00e9l\u00e9chargement de Nagios",
      "url": "http://www.nagios.org/"
    }
  ]
}

CERTA-2011-AVI-414

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Nagios permettent de réaliser de l'injection de code indirecte (XSS).

Description

Plusieurs vulnérabilités sont présentes dans Nagios et permettent de réaliser de l'injection de code indirecte :

un des paramètres en entrée de config.cgi est insuffisament vérifié ;
un des paramètres en entrée de statusmap.cgi est insuffisament vérifié.

Solution

La version 3.3.1 de Nagios remédie à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Nagios, version 3.2.3 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Site de téléchargement de Nagios	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-1151-1 du 15 juin 2011 :	-	other
Bulletin de sécurité Novell CVE-2011-2179 du 25 juillet 2011 :	-	other
Bulletin de sécurité Novell CVE-2011-1523 du 25 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eNagios, version 3.2.3 et versions  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Nagios et permettent de\nr\u00e9aliser de l\u0027injection de code indirecte\u00a0:\n\n-   un des param\u00e8tres en entr\u00e9e de config.cgi est insuffisament\n    v\u00e9rifi\u00e9\u00a0;\n-   un des param\u00e8tres en entr\u00e9e de statusmap.cgi est insuffisament\n    v\u00e9rifi\u00e9.\n\n## Solution\n\nLa version 3.3.1 de Nagios rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2179"
    },
    {
      "name": "CVE-2011-1523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1523"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1151-1 du 15 juin 2011 :",
      "url": "http://www.ubuntu.com/usn/usn-1151-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Novell CVE-2011-2179 du 25 juillet    2011 :",
      "url": "http://support.novell.com/security/cve/CVE-2011-2179.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Novell CVE-2011-1523 du 25 juillet    2011 :",
      "url": "http://support.novell.com/security/cve/CVE-2011-1523.html"
    }
  ],
  "reference": "CERTA-2011-AVI-414",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Nagios permettent de r\u00e9aliser de\nl\u0027injection de code indirecte (XSS).\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Nagios",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Site de t\u00e9l\u00e9chargement de Nagios",
      "url": "http://www.nagios.org/"
    }
  ]
}

GHSA-P3HF-J3H8-8MQV

Vulnerability from github – Published: 2022-05-17 01:55 – Updated: 2022-05-17 01:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2179"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-14T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.",
  "id": "GHSA-p3hf-j3h8-8mqv",
  "modified": "2022-05-17T01:55:21Z",
  "published": "2022-05-17T01:55:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2179"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
    },
    {
      "type": "WEB",
      "url": "https://dev.icinga.org/issues/1605"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44974"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8274"
    },
    {
      "type": "WEB",
      "url": "http://tracker.nagios.org/view.php?id=224"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
    },
    {
      "type": "WEB",
      "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48087"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1151-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-2179

Vulnerability from fkie_nvd - Published: 2011-06-14 17:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html
secalert@redhat.com	http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html	Exploit, Patch
secalert@redhat.com	http://secunia.com/advisories/44974
secalert@redhat.com	http://securityreason.com/securityalert/8274
secalert@redhat.com	http://tracker.nagios.org/view.php?id=224	Exploit, Patch, Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/01/10
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/02/6
secalert@redhat.com	http://www.rul3z.de/advisories/SSCHADV2011-005.txt	Exploit, Patch
secalert@redhat.com	http://www.rul3z.de/advisories/SSCHADV2011-006.txt	Exploit, Patch
secalert@redhat.com	http://www.securityfocus.com/bid/48087
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1151-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=709871
secalert@redhat.com	https://dev.icinga.org/issues/1605	Exploit, Patch, Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/67797
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44974
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8274
af854a3a-2127-422b-91ae-364da2661108	http://tracker.nagios.org/view.php?id=224	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/01/10
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/02/6
af854a3a-2127-422b-91ae-364da2661108	http://www.rul3z.de/advisories/SSCHADV2011-005.txt	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.rul3z.de/advisories/SSCHADV2011-006.txt	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48087
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1151-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=709871
af854a3a-2127-422b-91ae-364da2661108	https://dev.icinga.org/issues/1605	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67797

Impacted products

Vendor	Product	Version
icinga	icinga	*
icinga	icinga	0.8.0
icinga	icinga	0.8.1
icinga	icinga	0.8.2
icinga	icinga	0.8.3
icinga	icinga	0.8.4
icinga	icinga	1.0
icinga	icinga	1.0
icinga	icinga	1.0.1
icinga	icinga	1.0.2
icinga	icinga	1.0.3
icinga	icinga	1.2.0
icinga	icinga	1.2.1
icinga	icinga	1.3.0
icinga	icinga	1.3.1
nagios	nagios	3.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5",
              "versionEndIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D65D942-0560-42B0-BAF8-D6B8C4237558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F87DFD18-B038-4E18-889A-FCADDC7E9C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B482D1-BB5D-41CC-A330-214F1EC9BD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B65BD554-2D66-4237-8829-EC5CFD374E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "51CBC3F4-EB90-462D-B840-71DB9E8E3667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "719B37F6-4D3A-4922-B58D-536A775D42D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7890303A-21C3-47B8-86AF-1B07A01C9AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED3BF83-92C3-4324-BC6E-722309A8787B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F7F451-E7AA-4C84-874D-7C7E5C162DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5250AED-B86C-4415-A274-7DD9659F40D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E333C3-C264-41C9-B358-97A3F62C649D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro expand, como se demuestra por (a) la acci\u00f3n command o (b) una acci\u00f3n hosts."
    }
  ],
  "id": "CVE-2011-2179",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-14T17:55:06.437",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44974"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tracker.nagios.org/view.php?id=224"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/48087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1151-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://dev.icinga.org/issues/1605"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tracker.nagios.org/view.php?id=224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1151-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://dev.icinga.org/issues/1605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-2179

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2179

Aliases

CVE-2011-2179

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2179",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.",
    "id": "GSD-2011-2179",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-2179.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2011-2179.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2179"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.",
      "id": "GSD-2011-2179",
      "modified": "2023-12-13T01:19:06.563393Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2179",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html",
            "refsource": "MISC",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
          },
          {
            "name": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html",
            "refsource": "MISC",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
          },
          {
            "name": "http://secunia.com/advisories/44974",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/44974"
          },
          {
            "name": "http://securityreason.com/securityalert/8274",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8274"
          },
          {
            "name": "http://tracker.nagios.org/view.php?id=224",
            "refsource": "MISC",
            "url": "http://tracker.nagios.org/view.php?id=224"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2011/06/01/10",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2011/06/02/6",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
          },
          {
            "name": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt",
            "refsource": "MISC",
            "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
          },
          {
            "name": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt",
            "refsource": "MISC",
            "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
          },
          {
            "name": "http://www.securityfocus.com/bid/48087",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/48087"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1151-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1151-1"
          },
          {
            "name": "https://dev.icinga.org/issues/1605",
            "refsource": "MISC",
            "url": "https://dev.icinga.org/issues/1605"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709871",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2179"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110601 Cross-Site Scripting vulnerability in Nagios",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709871",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"
            },
            {
              "name": "http://tracker.nagios.org/view.php?id=224",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tracker.nagios.org/view.php?id=224"
            },
            {
              "name": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"
            },
            {
              "name": "[oss-security] 20110602 Re: CVE request: XSS in nagios",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"
            },
            {
              "name": "20110601 Cross-Site Scripting vulnerability in Icinga",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"
            },
            {
              "name": "[oss-security] 20110601 CVE request: XSS in nagios",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"
            },
            {
              "name": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"
            },
            {
              "name": "https://dev.icinga.org/issues/1605",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://dev.icinga.org/issues/1605"
            },
            {
              "name": "44974",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44974"
            },
            {
              "name": "USN-1151-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1151-1"
            },
            {
              "name": "48087",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48087"
            },
            {
              "name": "8274",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8274"
            },
            {
              "name": "icinga-expand-xss(67797)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:29Z",
      "publishedDate": "2011-06-14T17:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2179 (GCVE-0-2011-2179)

CERTA-2011-AVI-414

Description

Solution

CERTA-2011-AVI-414

Description

Solution

GHSA-P3HF-J3H8-8MQV

FKIE_CVE-2011-2179

GSD-2011-2179

Tags

Sightings

Nomenclature