Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before
2.3 allows remote attackers to execute arbitrary code via a negative
content length (Content-Length) HTTP header.
It should be noted that apache 2 will not allow this condition to happen.
Thanks for the heads up. I've sent the 2.3 update to buildsys and it should be