Bug 349011 - (CVE-2007-5624) CVE-2007-5624 nagios possible XSS in version <2.10
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
QA Contact: Fedora Extras Quality Assurance
Whiteboard: source=gentoo,reported=20071022,publi...
Keywords: Security
Depends On: 362791 362801 362811
 
Reported: 2007-10-23 12:36 EDT by Tomas Hoger
Modified: 2016-03-04 06:06 EST

Doc Type: Bug Fix
Last Closed: 2008-01-14 12:13:22 EST


Attachments
SuSE patch (11.99 KB, patch)
2008-05-14 08:10 EDT, Tomas Hoger

Description Tomas Hoger 2007-10-23 12:36:28 EDT
A new nagios version was released recently with the following entry in the changelog:

  Fix for a potential cross site scripting vulnerability in the CGIs


Common Vulnerabilities and Exposures assigned the identifier CVE-2007-5624 to
this vulnerability:

Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors to unspecified CGI scripts.

References:

http://www.nagios.org/development/changelog.php#2x_branch
http://secunia.com/advisories/27316
Comment 2 Lubomir Kundrak 2007-11-09 13:41:05 EST
Mike: Please make the updates. Is there anything that prevents you from doing so?
Do you need any help?
Comment 3 Red Hat Product Security 2008-01-14 12:13:22 EST
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4123
  https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4145

Comment 4 Tomas Hoger 2008-05-14 08:10:54 EDT
Created attachment 305352
SuSE patch

This fix is present in upstream version 2.10.

(Extracted from SuSE nagios-2.9-48.4.src.rpm)
