Executive Summary

Summary
Title: cacti regression

Informations
Name: DSA-2384
Vendor: Debian
Severity (Vendor): N/A
First vendor Publication: 2012-01-09
Last vendor Modification: 2012-02-04
Revision: 2

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score: 7.5
CVSS Impact Score: 6.4
CVSS Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

It was discovered that the last security update for cacti, DSA-2384-1, introduced a regression in lenny.

For the oldstable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny5.

The stable distribution (squeeze) is not affected by this regression.

We recommend that you upgrade your cacti packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2384

CWE : Common Weakness Enumeration

Id       Name
CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
CWE-20   Improper Input Validation

CPE : Common Platform Enumeration

Type: Application
Count: 39

OpenVAS Exploits

Date        Description
2012-02-12  Name : Debian Security Advisory DSA 2384-2 (cacti)
            File : nvt/deb_2384_2.nasl
2012-02-11  Name : Debian Security Advisory DSA 2384-1 (cacti)
            File : nvt/deb_2384_1.nasl
2012-01-23  Name : Mandriva Update for cacti MDVSA-2012:010 (cacti)
            File : nvt/gb_mandriva_MDVSA_2012_010.nasl
2011-11-15  Name : Cacti Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
            File : nvt/gb_cacti_50671.nasl
2010-08-30  Name : Cacti Cross Site Scripting and HTML Injection Vulnerabilities
            File : nvt/gb_cacti_42575.nasl
2010-08-30  Name : Mandriva Update for cacti MDVSA-2010:160 (cacti)
            File : nvt/gb_mandriva_MDVSA_2010_160.nasl
2010-05-25  Name : Cacti Multiple Cross Site Scripting Vulnerabilities
            File : nvt/gb_cacti_40332.nasl

Open Source Vulnerability Database (OSVDB)

Id     Description
77097  Cacti auth_login.php login_username Parameter SQL Injection
67529  Cacti user_admin.php Unspecified Parameter XSS
67528  Cacti tree.php Unspecified Parameter XSS
67527  Cacti rra.php Unspecified Parameter XSS
67526  Cacti lib/rrd.php Unspecified Parameter XSS
67525  Cacti lib/html_tree.php Unspecified Parameter XSS
67524  Cacti lib/html.php Unspecified Parameter XSS
67523  Cacti lib/html_form_template.php Unspecified Parameter XSS
67522  Cacti lib/html_form.php Unspecified Parameter XSS
67521  Cacti lib/functions.php Unspecified Parameter XSS
67520  Cacti host_templates.php Unspecified Parameter XSS
67519  Cacti host.php Unspecified Parameter XSS
67518  Cacti graph_view.php Unspecified Parameter XSS
67517  Cacti graph_templates.php Unspecified Parameter XSS
67516  Cacti graph_templates_items.php Unspecified Parameter XSS
67515  Cacti graph_templates_inputs.php Unspecified Parameter XSS
67514  Cacti graphs.php Unspecified Parameter XSS
67513  Cacti graphs_new.php Unspecified Parameter XSS
67512  Cacti graph.php Unspecified Parameter XSS
67511  Cacti gprint_presets.php Unspecified Parameter XSS
67510  Cacti data_templates.php Unspecified Parameter XSS
67509  Cacti data_sources.php Unspecified Parameter XSS
67508  Cacti data_queries.php Unspecified Parameter XSS
67507  Cacti data_input.php Unspecified Parameter XSS
67506  Cacti cdef.php Unspecified Parameter XSS
67505  Cacti templates_import.php XML Template name Element XSS
67369  Cacti data_sources.php host_id Parameter XSS
65014  Cacti host.php Multiple Parameter XSS
63972  Cacti Multiple Function Hostname Editing Arbitrary Shell Command Execution
60566  Cacti graph.php Multiple Parameter XSS

Nessus® Vulnerability Scanner

Date        Description
2014-01-22  Name : The remote Gentoo host is missing one or more security-related patches.
            File : gentoo_GLSA-201401-20.nasl - Type : ACT_GATHER_INFO
2012-01-20  Name : A web application hosted on the remote web server has multiple cross-site scr...
            File : cacti_087g.nasl - Type : ACT_GATHER_INFO
2012-01-12  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2384.nasl - Type : ACT_GATHER_INFO
2011-11-14  Name : The remote Fedora host is missing a security update.
            File : fedora_2011-15032.nasl - Type : ACT_GATHER_INFO
2011-11-14  Name : The remote Fedora host is missing a security update.
            File : fedora_2011-15071.nasl - Type : ACT_GATHER_INFO
2011-11-14  Name : The remote Fedora host is missing a security update.
            File : fedora_2011-15110.nasl - Type : ACT_GATHER_INFO
2010-05-04  Name : A web application hosted on the remote web server has multiple vulnerabilities.
            File : cacti_087e.nasl - Type : ACT_GATHER_INFO
2010-02-24  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-1954.nasl - Type : ACT_GATHER_INFO

Alert History

Date                 Informations
2014-02-17 11:30:43
  • Multiple Updates
2013-05-11 00:44:15
  • Multiple Updates