UBUNTU-CVE-2011-2179

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2011-2179
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2179.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2011-2179
Upstream
  • CVE-2011-2179
Related
  • USN-1151-1
Withdrawn
2025-07-18T16:42:42Z
Published
2011-06-07T00:00:00Z
Modified
2026-02-04T03:07:46.773795Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

References

Affected packages

Ubuntu:14.04:LTS / icinga

Package

Name
icinga
Purl
pkg:deb/ubuntu/icinga@1.10.3-1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.3-1

Affected versions

1.*
1.9.3-2
1.9.3-2build1
1.10.0-1
1.10.1-1
1.10.2-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "icinga",
            "binary_version": "1.10.3-1"
        },
        {
            "binary_name": "icinga-cgi",
            "binary_version": "1.10.3-1"
        },
        {
            "binary_name": "icinga-common",
            "binary_version": "1.10.3-1"
        },
        {
            "binary_name": "icinga-core",
            "binary_version": "1.10.3-1"
        },
        {
            "binary_name": "icinga-dbg",
            "binary_version": "1.10.3-1"
        },
        {
            "binary_name": "icinga-doc",
            "binary_version": "1.10.3-1"
        },
        {
            "binary_name": "icinga-idoutils",
            "binary_version": "1.10.3-1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2179.json"