CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.

Published: May 20, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2489
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
nagios / nagios	2.0b5	2.0b5.x
nagios / nagios	2.0b6	2.0b6.x
nagios / nagios	1.0b3	1.0b3.x
nagios / nagios	1.1	1.1.x
nagios / nagios	2.1	2.1.x
nagios / nagios	1.0b6	1.0b6.x
nagios / nagios	1.0	1.0.x
nagios / nagios	2.2	2.2.x
nagios / nagios	2.0b2	2.0b2.x
nagios / nagios	1.0b4	1.0b4.x
nagios / nagios	2.0b4	2.0b4.x
nagios / nagios	1.2	1.2.x
nagios / nagios	1.0b5	1.0b5.x
nagios / nagios	2.0b1	2.0b1.x
nagios / nagios	2.0	2.0.x
nagios / nagios	1.4	1.4.x
nagios / nagios	2.0b3	2.0b3.x
nagios / nagios	1.3	1.3.x
nagios / nagios	2.0rc1	2.0rc1.x
nagios / nagios	2.3	2.3.x
nagios / nagios	1.0b1	1.0b1.x
nagios / nagios	1.0b2	1.0b2.x
nagios / nagios	2.0rc2	2.0rc2.x

Vulnerability Database

289,697

CVE-2006-2489