[Pkg-nagios-devel] Bug#485439: nagios3: XSS vulnerabilities in CGI scripts (CVE-2007-5803)

Thierry Carrez thierry.carrez at ubuntu.com
Mon Jun 9 14:29:26 UTC 2008


Package: nagios3
Version: 3.0.1-1
Severity: grave
Tags: security
Justification: user security hole

Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in
Nagios might allow remote attackers to inject arbitrary web script or
HTML via unspecified vectors.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5803

Nagios 3.0.2 was released to address this issue in the 3.x line.
http://www.nagios.org/development/history/nagios-3x.php

-- System Information:
Debian Release: lenny/sid
  APT prefers hardy-updates
  APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy-proposed'), (500, 'hardy')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-18-generic (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash





More information about the Pkg-nagios-devel mailing list