CVE-2008-0786

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2008-0786
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.cacti.net/release_notes_0_8_7b.php Patch
http://www.securityfocus.com/bid/27749 Patch
http://www.securitytracker.com/id?1019414
http://secunia.com/advisories/28872 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
https://bugzilla.redhat.com/show_bug.cgi?id=432758
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/28976
http://secunia.com/advisories/29242
http://security.gentoo.org/glsa/glsa-200803-18.xml
http://secunia.com/advisories/29274
http://securityreason.com/securityalert/3657
http://www.vupen.com/english/advisories/2008/0540
http://www.securityfocus.com/archive/1/488018/100/0/threaded
http://www.securityfocus.com/archive/1/488013/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*
cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*
Information

Published : 2008-02-14 15:00

Updated : 2018-10-15 15:03

NVD link : CVE-2008-0786

Mitre link : CVE-2008-0786

JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa
Products Affected

cacti

  • cacti