GCVE - cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*

part: a version: 1.1 update: *

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios (`50575199-1514-50c1-89a9-fe9479fd126c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/nagios4`	purl2cpe	2026-06-01 10:14:43.752624
`pkg:deb/ubuntu/nagios4`	purl2cpe	2026-06-01 10:14:43.752626
`pkg:github/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.752627
`pkg:rpm/fedora/nagios`	purl2cpe	2026-06-01 10:14:43.752628
`pkg:rpm/opensuse/nagios`	purl2cpe	2026-06-01 10:14:43.752630
`pkg:sourceforge/nagios`	purl2cpe	2026-06-01 10:14:43.752631

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1523`	vulnerable	2026-06-03 14:31:02.175369	Details available Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. Published: 2011-05-03T19:00:00.000Z Updated: 2024-08-06T22:28:41.906Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/8241 http://secunia.com/advisories/43287 https://bugzilla.redhat.com/show_bug.cgi?id=690877 http://tracker.nagios.org/view.php?id=207 http://www.rul3z.de/advisories/SSCHADV2011-002.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2288`	vulnerable	2026-06-03 14:29:40.317614	Details available statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. Published: 2009-07-01T12:26:00.000Z Updated: 2024-08-07T05:44:55.810Z Open on db.gcve.eu Reference links http://secunia.com/advisories/35688 http://security.gentoo.org/glsa/glsa-200907-15.xml http://secunia.com/advisories/35543 http://secunia.com/advisories/39227 http://tracker.nagios.org/view.php?id=15	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-6373`	vulnerable	2026-06-03 14:29:13.222810	Details available Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." Published: 2009-03-02T19:00:00.000Z Updated: 2024-08-07T11:27:35.625Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/news/#88 http://www.securitytracker.com/id?1022165 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://www.nagios.org/development/history/nagios-3x.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5028`	vulnerable	2026-06-03 14:29:07.074341	Details available Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. Published: 2008-11-10T15:00:00.000Z Updated: 2024-08-07T10:40:16.763Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/46426 http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel https://exchange.xforce.ibmcloud.com/vulnerabilities/46521 http://security.gentoo.org/glsa/glsa-200907-15.xml http://secunia.com/advisories/33320	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5027`	vulnerable	2026-06-03 14:29:07.041923	Details available The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. Published: 2008-11-10T15:00:00.000Z Updated: 2024-08-07T10:40:17.262Z Open on db.gcve.eu Reference links http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.vupen.com/english/advisories/2008/3364 http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/development/history/nagios-3x.php http://secunia.com/advisories/33320	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-5803`	vulnerable	2026-06-03 14:28:27.890067	Details available Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. Published: 2008-05-13T23:00:00.000Z Updated: 2024-08-07T15:47:00.589Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html https://exchange.xforce.ibmcloud.com/vulnerabilities/42522 http://secunia.com/advisories/30202 http://www.vupen.com/english/advisories/2008/1567/references http://sourceforge.net/project/shownotes.php?release_id=600377&group_id=26589	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2489`	vulnerable	2026-06-03 14:27:32.399973	Details available Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. Published: 2006-05-19T23:00:00.000Z Updated: 2024-08-07T17:51:04.646Z Open on db.gcve.eu Reference links http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/26454 http://www.debian.org/security/2006/dsa-1072 http://www.nagios.org/development/changelog.php https://usn.ubuntu.com/287-1/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.