GCVE - cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios (`50575199-1514-50c1-89a9-fe9479fd126c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/nagios4`	purl2cpe	2026-06-01 10:14:43.735464
`pkg:deb/ubuntu/nagios4`	purl2cpe	2026-06-01 10:14:43.735465
`pkg:github/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.735467
`pkg:rpm/fedora/nagios`	purl2cpe	2026-06-01 10:14:43.735468
`pkg:rpm/opensuse/nagios`	purl2cpe	2026-06-01 10:14:43.735470
`pkg:sourceforge/nagios`	purl2cpe	2026-06-01 10:14:43.735471

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1523`	vulnerable	2026-06-03 14:31:02.169684	Details available Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. Published: 2011-05-03T19:00:00.000Z Updated: 2024-08-06T22:28:41.906Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/8241 http://secunia.com/advisories/43287 https://bugzilla.redhat.com/show_bug.cgi?id=690877 http://tracker.nagios.org/view.php?id=207 http://www.rul3z.de/advisories/SSCHADV2011-002.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2288`	vulnerable	2026-06-03 14:29:40.315573	Details available statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. Published: 2009-07-01T12:26:00.000Z Updated: 2024-08-07T05:44:55.810Z Open on db.gcve.eu Reference links http://secunia.com/advisories/35688 http://security.gentoo.org/glsa/glsa-200907-15.xml http://secunia.com/advisories/35543 http://secunia.com/advisories/39227 http://tracker.nagios.org/view.php?id=15	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-6373`	vulnerable	2026-06-03 14:29:13.222627	Details available Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." Published: 2009-03-02T19:00:00.000Z Updated: 2024-08-07T11:27:35.625Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/news/#88 http://www.securitytracker.com/id?1022165 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://www.nagios.org/development/history/nagios-3x.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5028`	vulnerable	2026-06-03 14:29:07.074164	Details available Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. Published: 2008-11-10T15:00:00.000Z Updated: 2024-08-07T10:40:16.763Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/46426 http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel https://exchange.xforce.ibmcloud.com/vulnerabilities/46521 http://security.gentoo.org/glsa/glsa-200907-15.xml http://secunia.com/advisories/33320	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5027`	vulnerable	2026-06-03 14:29:07.036000	Details available The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. Published: 2008-11-10T15:00:00.000Z Updated: 2024-08-07T10:40:17.262Z Open on db.gcve.eu Reference links http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.vupen.com/english/advisories/2008/3364 http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/development/history/nagios-3x.php http://secunia.com/advisories/33320	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2489`	vulnerable	2026-06-03 14:27:32.396366	Details available Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. Published: 2006-05-19T23:00:00.000Z Updated: 2024-08-07T17:51:04.646Z Open on db.gcve.eu Reference links http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/26454 http://www.debian.org/security/2006/dsa-1072 http://www.nagios.org/development/changelog.php https://usn.ubuntu.com/287-1/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.