Test ID:	1.3.6.1.4.1.25623.1.0.120417
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2012-50)
Summary:	The remote host is missing an update for the 'nagios' package(s) announced via the ALAS-2012-50 advisory.
Description:	Summary: The remote host is missing an update for the 'nagios' package(s) announced via the ALAS-2012-50 advisory. Vulnerability Insight: Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. Affected Software/OS: 'nagios' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2179 20110601 Cross-Site Scripting vulnerability in Icinga http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html 20110601 Cross-Site Scripting vulnerability in Nagios http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html 44974 http://secunia.com/advisories/44974 48087 http://www.securityfocus.com/bid/48087 8274 http://securityreason.com/securityalert/8274 USN-1151-1 http://www.ubuntu.com/usn/USN-1151-1 [oss-security] 20110601 CVE request: XSS in nagios http://www.openwall.com/lists/oss-security/2011/06/01/10 [oss-security] 20110602 Re: CVE request: XSS in nagios http://www.openwall.com/lists/oss-security/2011/06/02/6 http://tracker.nagios.org/view.php?id=224 http://www.rul3z.de/advisories/SSCHADV2011-005.txt http://www.rul3z.de/advisories/SSCHADV2011-006.txt https://bugzilla.redhat.com/show_bug.cgi?id=709871 https://dev.icinga.org/issues/1605 icinga-expand-xss(67797) https://exchange.xforce.ibmcloud.com/vulnerabilities/67797
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.