CVE-2006-2489
Nagios 1.x < 1.4.1 and 2.x < 2.3.1 - Remote Code Execution via Content-Length Header Overflow
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
References (10)
Core References
Third Party Advisory vendor-advisory | x_refsource_gentoo | http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml
Third Party Advisory, VDB Entry vdb-entry | x_refsource_xf | https://exchange.xforce.ibmcloud.com/vulnerabilities/26454
Third Party Advisory vendor-advisory | x_refsource_debian | http://www.debian.org/security/2006/dsa-1072
Various Sources x_refsource_confirm | http://www.nagios.org/development/changelog.php
Vendor Advisory vendor-advisory | x_refsource_ubuntu | https://usn.ubuntu.com/287-1/
Third Party Advisory third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/20313
Third Party Advisory, VDB Entry vdb-entry | x_refsource_bid | http://www.securityfocus.com/bid/18059
Patch, Vendor Advisory third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/20123
Third Party Advisory third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/20247
Third Party Advisory vdb-entry | x_refsource_vupen | http://www.vupen.com/english/advisories/2006/1822
Scores
EPSS: 0.0192
EPSS Percentile: 83.6%
Details
Status: published
Products (23)
nagios/nagios 1.0
nagios/nagios 1.0b1
nagios/nagios 1.0b2
nagios/nagios 1.0b3
nagios/nagios 1.0b4
nagios/nagios 1.0b5
nagios/nagios 1.0b6
nagios/nagios 1.1
nagios/nagios 1.2
nagios/nagios 1.3
... and 13 more
Published: May 19, 2006
Tracked Since: Feb 18, 2026