{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20110601 Cross-Site Scripting vulnerability in Nagios", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"}, {"name": "icinga-expand-xss(67797)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"}, {"name": "8274", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8274"}, {"name": "48087", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48087"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tracker.nagios.org/view.php?id=224"}, {"name": "[oss-security] 20110601 CVE request: XSS in nagios", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"}, {"name": "[oss-security] 20110602 Re: CVE request: XSS in nagios", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://dev.icinga.org/issues/1605"}, {"name": "44974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44974"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"}, {"name": "USN-1151-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1151-1"}, {"name": "20110601 Cross-Site Scripting vulnerability in Icinga", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2179", "datePublished": "2011-06-14T17:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", "matchCriteriaId": "10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5", "versionEndIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D65D942-0560-42B0-BAF8-D6B8C4237558", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F87DFD18-B038-4E18-889A-FCADDC7E9C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9B482D1-BB5D-41CC-A330-214F1EC9BD43", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B65BD554-2D66-4237-8829-EC5CFD374E4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51CBC3F4-EB90-462D-B840-71DB9E8E3667", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "719B37F6-4D3A-4922-B58D-536A775D42D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7890303A-21C3-47B8-86AF-1B07A01C9AE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CED3BF83-92C3-4324-BC6E-722309A8787B", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5F7F451-E7AA-4C84-874D-7C7E5C162DEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5250AED-B86C-4415-A274-7DD9659F40D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6E333C3-C264-41C9-B358-97A3F62C649D", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro expand, como se demuestra por (a) la acci\u00f3n command o (b) una acci\u00f3n hosts."}], "id": "CVE-2011-2179", "lastModified": "2017-08-29T01:29:19.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-06-14T17:55:06.437", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44974"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8274"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://tracker.nagios.org/view.php?id=224"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48087"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1151-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://dev.icinga.org/issues/1605"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}