Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 196732

Summary: net-analyzer/nagios-core<=2.10 possible cross site scripting vulnerability in the CGIs (CVE-2007-5624)
Product: Gentoo Security Reporter: Tobias Scherbaum (RETIRED) <dertobi123>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.nagios.org/development/changelog.php#2x_branch
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-22 18:37:23 UTC 
From the Changelog:
"Fix for a potential cross site scripting vulnerability in the CGIs"

I just committed nagios-(core-)2.10, nagios-2* hasn't been stable on any architecture. Not sure if nagios-1.* (currently stable) is also affected, if so nagios-2.10 is ready for stabilization from my pov.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-22 19:42:17 UTC 
Thx for the heads up Tobias.

Seems like it only affects 2.x otherwise we'll have to reopen. So closing without GLSA for now.