Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
2006-05-19T23:02:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | nagios | nagios | 1.0 | Yes |
| Application | nagios | nagios | 1.0b1 | Yes |
| Application | nagios | nagios | 1.0b2 | Yes |
| Application | nagios | nagios | 1.0b3 | Yes |
| Application | nagios | nagios | 1.0b4 | Yes |
| Application | nagios | nagios | 1.0b5 | Yes |
| Application | nagios | nagios | 1.0b6 | Yes |
| Application | nagios | nagios | 1.1 | Yes |
| Application | nagios | nagios | 1.2 | Yes |
| Application | nagios | nagios | 1.3 | Yes |
| Application | nagios | nagios | 1.4 | Yes |
| Application | nagios | nagios | 2.0 | Yes |
| Application | nagios | nagios | 2.0b1 | Yes |
| Application | nagios | nagios | 2.0b2 | Yes |
| Application | nagios | nagios | 2.0b3 | Yes |
| Application | nagios | nagios | 2.0b4 | Yes |
| Application | nagios | nagios | 2.0b5 | Yes |
| Application | nagios | nagios | 2.0b6 | Yes |
| Application | nagios | nagios | 2.0rc1 | Yes |
| Application | nagios | nagios | 2.0rc2 | Yes |
| Application | nagios | nagios | 2.1 | Yes |
| Application | nagios | nagios | 2.2 | Yes |
| Application | nagios | nagios | 2.3 | Yes |