CVE-2013-2214

Name of the Vulnerable Software and Affected Versions Nagios versions 3.x through 3.5.0 Nagios versions 4.0 through 4.0 beta3

Description The issue allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup overview, summary, or grid style in status.cgi. This behavior was initially by design in most 3.x versions, but the upstream vendor decided to change it for Nagios 4 and version 3.5.1.

Recommendations For Nagios versions 3.x through 3.5.0, update to version 3.5.1 or later. For Nagios versions 4.0 through 4.0 beta3, update to version 4.0 beta4 or later.