Lucene search

RedhatCVE-2011-2179

HistoryJun 14, 2011 - 5:55 p.m.

CVE-2011-2179

2011-06-1417:55:06

CWE-79

redhat

web.nvd.nist.gov

cve-2011-2179

cross-site scripting

xss

vulnerabilities

nagios

icinga

config.c

remote attackers

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.026

Percentile

90.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

Affected configurations

Nvd

Node

icingaicingaRange≤1.4.0

icingaicingaMatch0.8.0

icingaicingaMatch0.8.1

icingaicingaMatch0.8.2

icingaicingaMatch0.8.3

icingaicingaMatch0.8.4

icingaicingaMatch1.0

icingaicingaMatch1.0rc1

icingaicingaMatch1.0.1

icingaicingaMatch1.0.2

icingaicingaMatch1.0.3

icingaicingaMatch1.2.0

icingaicingaMatch1.2.1

icingaicingaMatch1.3.0

icingaicingaMatch1.3.1

nagiosnagiosMatch3.2.3

VendorProductVersionCPE
icingaicinga*cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*
icingaicinga0.8.0cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*
icingaicinga0.8.1cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*
icingaicinga0.8.2cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*
icingaicinga0.8.3cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*
icingaicinga0.8.4cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*
icingaicinga1.0cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*
icingaicinga1.0cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*
icingaicinga1.0.1cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*
icingaicinga1.0.2cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icinga	icinga	*	cpe:2.3:a:icinga:icinga::::::::
icinga	icinga	0.8.0	cpe:2.3:a:icinga:icinga:0.8.0:::::::*
icinga	icinga	0.8.1	cpe:2.3:a:icinga:icinga:0.8.1:::::::*
icinga	icinga	0.8.2	cpe:2.3:a:icinga:icinga:0.8.2:::::::*
icinga	icinga	0.8.3	cpe:2.3:a:icinga:icinga:0.8.3:::::::*
icinga	icinga	0.8.4	cpe:2.3:a:icinga:icinga:0.8.4:::::::*
icinga	icinga	1.0	cpe:2.3:a:icinga:icinga:1.0:::::::*
icinga	icinga	1.0	cpe:2.3:a:icinga:icinga:1.0:rc1::::::
icinga	icinga	1.0.1	cpe:2.3:a:icinga:icinga:1.0.1:::::::*
icinga	icinga	1.0.2	cpe:2.3:a:icinga:icinga:1.0.2:::::::*