CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
90.6%
Stefan Schurtz discovered than Nagios did not properly sanitize its input
when processing certain requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.04 | noarch | nagios3-cgi | < 3.2.3-1ubuntu1.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | nagios3 | < 3.2.3-1ubuntu1.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | nagios3-core | < 3.2.3-1ubuntu1.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | nagios3-dbg | < 3.2.3-1ubuntu1.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | nagios3-cgi | < 3.2.1-2ubuntu1.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | nagios3 | < 3.2.1-2ubuntu1.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | nagios3-core | < 3.2.1-2ubuntu1.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | nagios3-dbg | < 3.2.1-2ubuntu1.2 | UNKNOWN |
Ubuntu | 10.04 | noarch | nagios3-cgi | < 3.2.0-4ubuntu2.2 | UNKNOWN |
Ubuntu | 10.04 | noarch | nagios3 | < 3.2.0-4ubuntu2.2 | UNKNOWN |