CVE-2014-1878CVE-2014-1878

Affected configuration(s):

cpe:/a:icinga:icinga:1.8.0
cpe:/a:icinga:icinga:1.8.1
cpe:/a:icinga:icinga:1.8.2
cpe:/a:icinga:icinga:1.8.3
cpe:/a:icinga:icinga:1.8.4
cpe:/a:icinga:icinga:1.8.5
cpe:/a:icinga:icinga:1.9.0
cpe:/a:icinga:icinga:1.9.1
cpe:/a:icinga:icinga:1.9.2
cpe:/a:icinga:icinga:1.9.3
cpe:/a:icinga:icinga:1.9.4
cpe:/a:icinga:icinga:1.10.0
cpe:/a:icinga:icinga:1.10.1
cpe:/a:icinga:icinga:1.10.2
cpe:/a:nagios:nagios:4.0.0:beta1
cpe:/a:nagios:nagios:4.0.0:beta2
cpe:/a:nagios:nagios:4.0.0:beta3
cpe:/a:nagios:nagios:4.0.0:beta4
cpe:/a:nagios:nagios:4.0.2
cpe:/a:nagios:nagios:4.0.3:rc1

Date published: 2014-02-28T10:13:04.063-05:00

Date last modified: 2017-12-15T21:29:06.213-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html

Summary: Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.