[Pkg-nagios-devel] Bug#485439: nagios3: XSS vulnerabilities in CGI scripts (CVE-2007-5803)

Thierry Carrez thierry.carrez at ubuntu.com
Mon Jun 9 14:29:26 UTC 2008

Package: nagios3
Version: 3.0.1-1
Severity: grave
Tags: security
Justification: user security hole

Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in
Nagios might allow remote attackers to inject arbitrary web script or
HTML via unspecified vectors.

Nagios 3.0.2 was released to address this issue in the 3.x line.

-- System Information:
Debian Release: lenny/sid
  APT prefers hardy-updates
  APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy-proposed'), (500, 'hardy')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-18-generic (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

More information about the Pkg-nagios-devel mailing list