CVE-2011-2179

{"id": "CVE-2011-2179", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-06-14T17:55:06.437", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html", "source": "secalert@redhat.com"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/44974", "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/8274", "source": "secalert@redhat.com"}, {"url": "http://tracker.nagios.org/view.php?id=224", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/06/01/10", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/06/02/6", "source": "secalert@redhat.com"}, {"url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/48087", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1151-1", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871", "source": "secalert@redhat.com"}, {"url": "https://dev.icinga.org/issues/1605", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro expand, como se demuestra por (a) la acci\u00f3n command o (b) una acci\u00f3n hosts."}], "lastModified": "2017-08-29T01:29:19.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5", "versionEndIncluding": "1.4.0"}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D65D942-0560-42B0-BAF8-D6B8C4237558"}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9"}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F87DFD18-B038-4E18-889A-FCADDC7E9C23"}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B482D1-BB5D-41CC-A330-214F1EC9BD43"}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B65BD554-2D66-4237-8829-EC5CFD374E4A"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51CBC3F4-EB90-462D-B840-71DB9E8E3667"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "719B37F6-4D3A-4922-B58D-536A775D42D8"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7890303A-21C3-47B8-86AF-1B07A01C9AE6"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED3BF83-92C3-4324-BC6E-722309A8787B"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F7F451-E7AA-4C84-874D-7C7E5C162DEA"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5250AED-B86C-4415-A274-7DD9659F40D7"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6E333C3-C264-41C9-B358-97A3F62C649D"}, {"criteria": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9"}, {"criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}