Multiple Cross-Site Scripting Vulnerabilities in Nagios and Icinga Products
CVE-2011-2179

Currently unrated

Key Information:

Vendor: Icinga
Status: Icinga; Nagios
Vendor: CVE Published:; 14 June 2011

What is CVE-2011-2179?

Multiple cross-site scripting vulnerabilities have been identified in the config.c component of config.cgi within Nagios and Icinga software. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML content by manipulating the 'expand' parameter in requests related to command and host actions. The affected versions are Nagios 3.2.3 and Icinga versions prior to 1.4.1, which could lead to data theft or web session hijacking, severely compromising the web interface's integrity.

References

http://archives.neohapsis.com/archives/bugtraq/2011-06/00...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/67797

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/8274

third-party-advisoryx_refsource_SREASON

EPSS Score

30% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2011
Vulnerability Reserved
May 31, 2011

CVE-2011-2179 Data

JSON