Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5803 to the following vulnerability: Cross-site scripting (XSS) vulnerability in Nagios allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2007-5624 and CVE-2008-1360. References: http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/30202 Note: This was reported as an incomplete fix for CVE-2007-5624.
Created attachment 305354 [details] SuSE patch This is *NOT* fixed in the upstream version 2.11. (Extracted from SuSE nagios-2.9-48.4.src.rpm)
Now fixed upstream in 3.0.2 and 2.12: http://www.nagios.org/development/history/nagios-3x.php http://www.nagios.org/development/history/nagios-2x.php
We have Nagios 3.0.4 in Rawhide. Should we close this bug ?
Purpose of the bugs filed against 'Security Response' product is to remain open until the issue is addressed in all affected versions of all affected products (either Fedora or Red Hat products). This still remains unfixed in at least F8/F9.
Fedora 8 and 9 are EOL, latest Fedora and EPEL have the fixed version.