Executive Summary
| Summary | |
|---|---|
| Title | cacti regression |
| Information | |||
|---|---|---|---|
| Name | DSA-2384 | First vendor Publication | 2012-01-09 |
| Vendor | Debian | Last vendor Modification | 2012-02-04 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v2
| CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| CVSS Base Score | 7.5 | Attack Range | Network |
| CVSS Impact Score | 6.4 | Attack Complexity | Low |
| CVSS Exploit Score | 10 | Authentication | None Required |
Detail
It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny. For the oldstable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny5. The stable distribution (squeeze) is not affected by this regression. We recommend that you upgrade your cacti packages.
Original Source
| Url : http://www.debian.org/security/2012/dsa-2384 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77097 | Cacti auth_login.php login_username Parameter SQL Injection |
| 67529 | Cacti user_admin.php Unspecified Parameter XSS |
| 67528 | Cacti tree.php Unspecified Parameter XSS |
| 67527 | Cacti rra.php Unspecified Parameter XSS |
| 67526 | Cacti lib/rrd.php Unspecified Parameter XSS |
| 67525 | Cacti lib/html_tree.php Unspecified Parameter XSS |
| 67524 | Cacti lib/html.php Unspecified Parameter XSS |
| 67523 | Cacti lib/html_form_template.php Unspecified Parameter XSS |
| 67522 | Cacti lib/html_form.php Unspecified Parameter XSS |
| 67521 | Cacti lib/functions.php Unspecified Parameter XSS |
| 67520 | Cacti host_templates.php Unspecified Parameter XSS |
| 67519 | Cacti host.php Unspecified Parameter XSS |
| 67518 | Cacti graph_view.php Unspecified Parameter XSS |
| 67517 | Cacti graph_templates.php Unspecified Parameter XSS |
| 67516 | Cacti graph_templates_items.php Unspecified Parameter XSS |
| 67515 | Cacti graph_templates_inputs.php Unspecified Parameter XSS |
| 67514 | Cacti graphs.php Unspecified Parameter XSS |
| 67513 | Cacti graphs_new.php Unspecified Parameter XSS |
| 67512 | Cacti graph.php Unspecified Parameter XSS |
| 67511 | Cacti gprint_presets.php Unspecified Parameter XSS |
| 67510 | Cacti data_templates.php Unspecified Parameter XSS |
| 67509 | Cacti data_sources.php Unspecified Parameter XSS |
| 67508 | Cacti data_queries.php Unspecified Parameter XSS |
| 67507 | Cacti data_input.php Unspecified Parameter XSS |
| 67506 | Cacti cdef.php Unspecified Parameter XSS |
| 67505 | Cacti templates_import.php XML Template name Element XSS |
| 67369 | Cacti data_sources.php host_id Parameter XSS |
| 65014 | Cacti host.php Multiple Parameter XSS |
| 63972 | Cacti Multiple Function Hostname Editing Arbitrary Shell Command Execution |
| 60566 | Cacti graph.php Multiple Parameter XSS |
Alert History
| Date | Information |
|---|---|
| 2013-05-11 00:44:15 | |






