The remote host is missing an update to nagios2, nagios3 announced via advisory DSA 1825-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201825-1

It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters. For the oldstable distribution (etch), this problem has been fixed in version 2.6-2+etch3 of nagios2. For the stable distribution (lenny), this problem has been fixed in version 3.0.6-4~lenny2 of nagios3. For the testing distribution (squeeze), this problem has been fixed in version 3.0.6-5 of nagios3. For the unstable distribution (sid), this problem has been fixed in version 3.0.6-5 of nagios3. We recommend that you upgrade your nagios2/nagios3 packages.