Ubuntu Security Notice 287-1: The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges.
5e9eb73c9f438b4ecefd6e012aa971dade80f066d3fc35d41cedded74a6c9539