Bug 446379 (CVE-2007-5803) - CVE-2007-5803 nagios: XSS vulnerability
Summary: CVE-2007-5803 nagios: XSS vulnerability
Keywords:
Status: CLOSED RAWHIDE
Alias: CVE-2007-5803
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On: 437850 445512 446381 446382 446383
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-14 12:28 UTC by Tomas Hoger
Modified: 2019-09-29 12:24 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-22 23:16:44 UTC


Attachments (Terms of Use)
SuSE patch (40.00 KB, patch)
2008-05-14 12:29 UTC, Tomas Hoger
no flags Details | Diff

Description Tomas Hoger 2008-05-14 12:28:01 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5803 to the following vulnerability:

Cross-site scripting (XSS) vulnerability in Nagios allows remote
attackers to inject arbitrary web script or HTML via unknown vectors,
a different vulnerability than CVE-2007-5624 and CVE-2008-1360.

References:
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/30202

Note:
This was reported as an incomplete fix for CVE-2007-5624.

Comment 1 Tomas Hoger 2008-05-14 12:29:28 UTC
Created attachment 305354 [details]
SuSE patch

This is *NOT* fixed in the upstream version 2.11.

(Extracted from SuSE nagios-2.9-48.4.src.rpm)

Comment 4 romal 2008-10-20 18:47:18 UTC
We have Nagios 3.0.4 in Rawhide. Should we close this bug ?

Comment 5 Tomas Hoger 2008-10-21 06:28:39 UTC
Purpose of the bugs filed against 'Security Response' product is to remain open until the issue is addressed in all affected versions of all affected products (either Fedora or Red Hat products).  This still remains unfixed in at least F8/F9.

Comment 6 Vincent Danen 2010-12-22 23:16:44 UTC
Fedora 8 and 9 are EOL, latest Fedora and EPEL have the fixed version.


Note You need to log in before you can comment on or make changes to this bug.