Bug 446379 - (CVE-2007-5803) CVE-2007-5803 nagios: XSS vulnerability
Status: CLOSED RAWHIDE
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20080513,public=2...
: Security
Depends On: 437850 445512 446381 446382 446383
Reported: 2008-05-14 08:28 EDT by Tomas Hoger
Modified: 2016-03-04 06:35 EST
Doc Type: Bug Fix
Last Closed: 2010-12-22 18:16:44 EST

Attachments
SuSE patch (40.00 KB, patch)
2008-05-14 08:29 EDT, Tomas Hoger

Description Tomas Hoger 2008-05-14 08:28:01 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5803 to the following vulnerability:

Cross-site scripting (XSS) vulnerability in Nagios allows remote
attackers to inject arbitrary web script or HTML via unknown vectors,
a different vulnerability than CVE-2007-5624 and CVE-2008-1360.

References:
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/30202

Note:
This was reported as an incomplete fix for CVE-2007-5624.
Comment 1 Tomas Hoger 2008-05-14 08:29:28 EDT
Created attachment 305354
SuSE patch

This is *NOT* fixed in the upstream version 2.11.

(Extracted from SuSE nagios-2.9-48.4.src.rpm)
Comment 4 mail@romal.de 2008-10-20 14:47:18 EDT
We have Nagios 3.0.4 in Rawhide. Should we close this bug?
Comment 5 Tomas Hoger 2008-10-21 02:28:39 EDT
The purpose of the bugs filed against the 'Security Response' product is to remain open until the issue is addressed in all affected versions of all affected products (either Fedora or Red Hat products). This still remains unfixed in at least F8/F9.
Comment 6 Vincent Danen 2010-12-22 18:16:44 EST
Fedora 8 and 9 are EOL, latest Fedora and EPEL have the fixed version.
