CVE-2006-2489

CVSS 7.5 - HIGH
Description

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.

Affected Products
23
Vendor Product Version
nagios nagios 1.0
nagios nagios 1.0b1
nagios nagios 1.0b2
nagios nagios 1.0b3
nagios nagios 1.0b4
nagios nagios 1.0b5
nagios nagios 1.0b6
nagios nagios 1.1
nagios nagios 1.2
nagios nagios 1.3
nagios nagios 1.4
nagios nagios 2.0
nagios nagios 2.0b1
nagios nagios 2.0b2
nagios nagios 2.0b3
nagios nagios 2.0b4
nagios nagios 2.0b5
nagios nagios 2.0b6
nagios nagios 2.0rc1
nagios nagios 2.0rc2
nagios nagios 2.1
nagios nagios 2.2
nagios nagios 2.3
References
http://secunia.com/advisories/20123
http://secunia.com/advisories/20247
http://secunia.com/advisories/20313
http://www.debian.org/security/2006/dsa-1072
http://www.gentoo.org/security/en/glsa/glsa-200605...
http://www.nagios.org/development/changelog.php
http://www.securityfocus.com/bid/18059
http://www.vupen.com/english/advisories/2006/1822
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
https://usn.ubuntu.com/287-1/
http://secunia.com/advisories/20123
http://secunia.com/advisories/20247
http://secunia.com/advisories/20313
http://www.debian.org/security/2006/dsa-1072
http://www.gentoo.org/security/en/glsa/glsa-200605...
http://www.nagios.org/development/changelog.php
http://www.securityfocus.com/bid/18059
http://www.vupen.com/english/advisories/2006/1822
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
https://usn.ubuntu.com/287-1/
Weakness Types
NVD-CWE-Other
CVE Information
CVE ID:
CVE-2006-2489
Published:
2006-05-19
Modified:
2026-04-16
CVSS Score:
7.5
Severity:
HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Vendors
nagios
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL