This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:nagios:nagios:2.3.1

Detail

Vendor: Nagios
Product: Nagios
Version: 2.3.1
Type: Application
First view: 2007-10-23
Last view: 2014-02-28
Edition:
Language:
Update:

CPE Product: cpe:/a:nagios:nagios

Related : CVE

Score | Date | Alert | Access Vector | Access Complexity | Authentication
5 | 2014-02-28 | CVE-2014-1878 | Network | Low | None Requ...
6.4 | 2014-01-15 | CVE-2013-7205 | Network | Low | None Requ...
5.5 | 2014-01-15 | CVE-2013-7108 | Network | Low | Requires ...
7.5 | 2013-01-22 | CVE-2012-6096 | Network | Low | None Requ...
4.3 | 2011-05-03 | CVE-2011-1523 | Network | Medium | None Requ...
7.5 | 2009-07-01 | CVE-2009-2288 | Network | Low | None Requ...
5 | 2009-03-02 | CVE-2008-6373 | Network | Low | None Requ...
6.8 | 2008-11-10 | CVE-2008-5028 | Network | Medium | None Requ...
6.5 | 2008-11-10 | CVE-2008-5027 | Network | Low | Requires ...
4.3 | 2008-05-13 | CVE-2007-5803 | Network | Medium | None Requ...
4.3 | 2008-03-17 | CVE-2008-1360 | Network | Medium | None Requ...
4.3 | 2007-10-23 | CVE-2007-5624 | Network | Medium | None Requ...

CWE : Common Weakness Enumeration

% | id | Name
33% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (1) | CWE-352 | Cross-Site Request Forgery (CSRF)
8% (1) | CWE-264 | Permissions, Privileges, and Access Controls
8% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection')
8% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O...
8% (1) | CWE-20 | Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id | Name
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 | Subverting Environment Variable Values
CAPEC-17 | Accessing, Modifying or Executing Executable Files
CAPEC-39 | Manipulating Opaque Client-based Data Tokens
CAPEC-45 | Buffer Overflow via Symbolic Links
CAPEC-51 | Poison Web Service Registry
CAPEC-59 | Session Credential Falsification through Prediction
CAPEC-60 | Reusing Session IDs (aka Session Replay)
CAPEC-76 | Manipulating Input to File System Calls
CAPEC-77 | Manipulating User-Controlled Variables
CAPEC-87 | Forceful Browsing
CAPEC-104 | Cross Zone Scripting

Oval Markup Language : Definitions

OvalID | Name
oval:org.mitre.oval:def:21043 | USN-698-1 -- nagios vulnerability
oval:org.mitre.oval:def:20718 | USN-698-3 -- nagios2 vulnerabilities
oval:org.mitre.oval:def:20295 | USN-698-2 -- nagios3 vulnerabilities
oval:org.mitre.oval:def:25305 | SUSE-SU-2014:0570-1 -- Security update for nagios
oval:org.mitre.oval:def:7884 | DSA-1883 nagios2 -- missing input sanitising
oval:org.mitre.oval:def:13703 | DSA-1883-1 nagios2 -- missing input sanitising
oval:org.mitre.oval:def:13118 | DSA-1883-2 nagios2 -- missing input sanitising
oval:org.mitre.oval:def:19990 | DSA-2616-1 nagios3 - buffer overflow vulnerability
oval:org.mitre.oval:def:18427 | DSA-2653-1 icinga - buffer overflow
oval:org.mitre.oval:def:26016 | SUSE-SU-2013:0358-1 -- Security update for nagios
oval:org.mitre.oval:def:25577 | SUSE-SU-2014:0156-1 -- Security update for nagios
oval:org.mitre.oval:def:8200 | DSA-1825 nagios2, nagios3 -- insufficient input validation
oval:org.mitre.oval:def:13626 | USN-795-1 -- nagios2, nagios3 vulnerability
oval:org.mitre.oval:def:13385 | DSA-1825-1 nagios2, nagios3 -- insufficient input validation

SAINT Exploits

Description | Link
Nagios 3 history.cgi Command Injection | More info here
Nagios statuswml.cgi Command Injection | More info here

Open Source Vulnerability Database (OSVDB)

id | Description
71059 | Nagios cgi-bin/statusmap.cgi layer Parameter XSS
55281 | Nagios statuswml.cgi Multiple Parameter Arbitrary Remote Shell Command Execution
50457 | Nagios Unspecified CGI Issue
50242 | op5 Nagios Process Browser Addon Remote Authentication Bypass
50241 | op5 Nagios Process Custom Form Remote Authentication Bypass
50240 | Nagios Nagios Process Browser Addon Remote Authentication Bypass
50239 | Nagios Nagios Process Custom Form Remote Authentication Bypass
49994 | op5 Monitor Unspecified CSRF
49991 | Nagios Unspecified CSRF
45359 | Nagios Unspecified CGI XSS
42951 | Nagios Unspecified XSS
38071 | Nagios CGI Script Unspecified Parameter XSS

ExploitDB Exploits

id | Description
24084 | Nagios history.cgi Remote Command Execution Vulnerability

OpenVAS Exploits

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.

Date | Name | File
2012-04-02 | Fedora Update for nagios FEDORA-2012-1592 | nvt/gb_fedora_2012_1592_nagios_fc16.nasl
2012-02-21 | Fedora Update for nagios FEDORA-2012-1583 | nvt/gb_fedora_2012_1583_nagios_fc15.nasl
2011-06-20 | Ubuntu Update for nagios3 USN-1151-1 | nvt/gb_ubuntu_USN_1151_1.nasl
2011-03-16 | Nagios 'layer' Cross-Site Scripting Vulnerability | nvt/gb_nagios_layer_xss_vuln.nasl
2011-03-11 | Nagios 'layer' Parameter Cross-Site Scripting Vulnerabilities | nvt/gb_nagios_46826.nasl
2009-10-13 | SLES10: Security update for nagios | nvt/sles10_nagios.nasl
2009-10-13 | SLES10: Security update for nagios | nvt/sles10_nagios0.nasl
2009-10-11 | SLES11: Security update for nagios | nvt/sles11_nagios.nasl
2009-09-15 | Debian Security Advisory DSA 1883-1 (nagios2) | nvt/deb_1883_1.nasl
2009-09-15 | Debian Security Advisory DSA 1883-2 (nagios2) | nvt/deb_1883_2.nasl
2009-08-17 | Mandrake Security Advisory MDVSA-2009:187 (nagios) | nvt/mdksa_2009_187.nasl
2009-08-17 | SuSE Security Summary SUSE-SR:2009:013 | nvt/suse_sr_2009_013.nasl
2009-07-29 | Gentoo Security Advisory GLSA 200907-15 (nagios-core) | nvt/glsa_200907_15.nasl
2009-07-08 | Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability | nvt/nagios_35464.nasl
2009-07-06 | Debian Security Advisory DSA 1825-1 (nagios2, nagios3) | nvt/deb_1825_1.nasl
2009-07-06 | Ubuntu USN-795-1 (nagios3) | nvt/ubuntu_795_1.nasl
2009-07-06 | FreeBSD Ports: nagios | nvt/freebsd_nagios1.nasl
2009-06-05 | Ubuntu USN-698-1 (nagios) | nvt/ubuntu_698_1.nasl
2009-06-05 | Ubuntu USN-698-3 (nagios2) | nvt/ubuntu_698_3.nasl
2009-06-05 | Ubuntu USN-723-1 (git-core) | nvt/ubuntu_723_1.nasl
2009-05-06 | Nagios Web Interface Privilege Escalation Vulnerability | nvt/nagios_cve_2008_5027.nasl
2009-05-06 | Nagios External Commands and Adaptive Commands Unspecified Vulnerability | nvt/nagios_cve_2008_6373.nasl
2009-03-23 | Ubuntu Update for nagios vulnerability USN-698-1 | nvt/gb_ubuntu_USN_698_1.nasl
2009-03-23 | Ubuntu Update for nagios2 vulnerabilities USN-698-3 | nvt/gb_ubuntu_USN_698_3.nasl
2009-03-02 | Mandrake Security Advisory MDVSA-2009:054 (nagios) | nvt/mdksa_2009_054.nasl

Snort® IPS/IDS

Date | Description | RuleID | Type | Revision
2014-02-15 | Nagios process_cgivars off-by-one memory access denial of service attempt | 29375 | SERVER-WEBAPP | 1
2014-02-15 | Nagios process_cgivars off-by-one memory access denial of service attempt | 29374 | SERVER-WEBAPP | 1
2014-02-08 | Nagios3 statuswml.cgi remote command execution attempt | 29267 | SERVER-WEBAPP | 1
2014-01-10 | Nagios3 statuswml.cgi remote command execution attempt | 26274 | SERVER-WEBAPP | 3
2014-01-10 | Nagios Core get_history buffer overflow attempt | 25586 | SERVER-WEBAPP | 7

Nessus® Vulnerability Scanner

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.

Date | Name | File | Type
2016-05-09 | The remote Debian host is missing a security update. | debian_DLA-461.nasl | ACT_GATHER_INFO
2015-03-26 | The remote Debian host is missing a security update. | debian_DLA-60.nasl | ACT_GATHER_INFO
2014-12-15 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201412-23.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | suse_11_4_nagios-110706.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2013-41.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2014-13.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2013-45.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2013-54.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2014-291.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2014-42.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2014-58.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | suse_11_3_nagios-110706.nasl | ACT_GATHER_INFO
2014-06-12 | The remote Debian host is missing a security-related update. | debian_DSA-2956.nasl | ACT_GATHER_INFO
2014-05-19 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2014-089.nasl | ACT_GATHER_INFO
2014-04-25 | The remote SuSE 11 host is missing one or more security updates. | suse_11_nagios-140331.nasl | ACT_GATHER_INFO
2014-01-29 | The remote SuSE 11 host is missing one or more security updates. | suse_11_nagios-140108.nasl | ACT_GATHER_INFO
2014-01-19 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2014-004.nasl | ACT_GATHER_INFO
2014-01-15 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_ba04a3737d2011e3899200132034b086.nasl | ACT_GATHER_INFO
2013-03-27 | The remote Debian host is missing a security-related update. | debian_DSA-2653.nasl | ACT_GATHER_INFO
2013-02-28 | The remote SuSE 10 host is missing a security-related patch. | suse_nagios-8460.nasl | ACT_GATHER_INFO
2013-02-28 | The remote SuSE 11 host is missing one or more security updates. | suse_11_nagios-130211.nasl | ACT_GATHER_INFO
2013-02-04 | The remote Debian host is missing a security-related update. | debian_DSA-2616.nasl | ACT_GATHER_INFO
2013-01-23 | The remote Fedora host is missing a security update. | fedora_2013-0732.nasl | ACT_GATHER_INFO
2013-01-23 | The remote Fedora host is missing a security update. | fedora_2013-0752.nasl | ACT_GATHER_INFO
2013-01-23 | The remote Fedora host is missing a security update. | fedora_2013-0753.nasl | ACT_GATHER_INFO