Oval Definition:oval:org.mitre.oval:def:13703
Revision Date:2014-06-23Version:20
Title:DSA-1883-1 nagios2 -- missing input sanitising
Description:Several vulnerabilities have been found in nagios2, ahost/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing attackers to inject arbitrary HTML code. In order to cover the different attack vectors, these issues have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360. For the oldstable distribution, these problems have been fixed in version 2.6-2+etch4. The stable distribution does not include nagios2 and nagios3 is not affected by these problems. The testing distribution and the unstable distribution do not contain nagios2 and nagios3 is not affected by these problems. We recommend that you upgrade your nagios2 packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2007-5624
CVE-2007-5803
CVE-2008-1360
DSA-1883-1
Platform(s):Debian GNU/Linux 4.0
Product(s):nagios2
Definition Synopsis
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • nagios2-common DPKG is earlier than 2.6-2+etch4
  • OR nagios2-doc DPKG is earlier than 2.6-2+etch4
  • OR Architecture depended section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • nagios2-dbg DPKG is earlier than 2.6-2+etch4
  • OR nagios2 DPKG is earlier than 2.6-2+etch4
    • BACK