7.5

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header.  NOTE: this is a different vulnerability than CVE-2006-2162.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NagiosNagios Version1.0
NagiosNagios Version1.0b1
NagiosNagios Version1.0b2
NagiosNagios Version1.0b3
NagiosNagios Version1.0b4
NagiosNagios Version1.0b5
NagiosNagios Version1.0b6
NagiosNagios Version1.1
NagiosNagios Version1.2
NagiosNagios Version1.3
NagiosNagios Version1.4
NagiosNagios Version2.0
NagiosNagios Version2.0b1
NagiosNagios Version2.0b2
NagiosNagios Version2.0b3
NagiosNagios Version2.0b4
NagiosNagios Version2.0b5
NagiosNagios Version2.0b6
NagiosNagios Version2.0rc1
NagiosNagios Version2.0rc2
NagiosNagios Version2.1
NagiosNagios Version2.2
NagiosNagios Version2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.43% 0.917
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20247
http://www.debian.org/security/2006/dsa-1072
http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml
http://www.nagios.org/development/changelog.php
http://secunia.com/advisories/20123
Patch
Vendor Advisory
http://secunia.com/advisories/20313
http://www.securityfocus.com/bid/18059
http://www.vupen.com/english/advisories/2006/1822
https://exchange.xforce.ibmcloud.com/vulnerabilities/26454
https://usn.ubuntu.com/287-1/