CVE-2008-0786

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/28872	Vendor Advisory
http://secunia.com/advisories/28976
http://secunia.com/advisories/29242
http://secunia.com/advisories/29274
http://security.gentoo.org/glsa/glsa-200803-18.xml
http://securityreason.com/securityalert/3657
http://www.cacti.net/release_notes_0_8_7b.php	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
http://www.securityfocus.com/archive/1/488013/100/0/threaded
http://www.securityfocus.com/archive/1/488018/100/0/threaded
http://www.securityfocus.com/bid/27749	Patch
http://www.securitytracker.com/id?1019414
http://www.vupen.com/english/advisories/2008/0540
https://bugzilla.redhat.com/show_bug.cgi?id=432758
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cacti:cacti:0.6.7:::::::*
	cpe:2.3:a:cacti:cacti:0.8:::::::*
	cpe:2.3:a:cacti:cacti:0.8.1:::::::*
	cpe:2.3:a:cacti:cacti:0.8.2:::::::*
	cpe:2.3:a:cacti:cacti:0.8.2a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.3:::::::*
	cpe:2.3:a:cacti:cacti:0.8.3a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.4:::::::*
	cpe:2.3:a:cacti:cacti:0.8.5:::::::*
	cpe:2.3:a:cacti:cacti:0.8.5a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6c:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6f:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6i:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6j:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7a:::::::*

History

No history.

Information

Published : 2008-02-14 23:00

Updated : 2023-12-10 10:40

NVD link : CVE-2008-0786

Mitre link : CVE-2008-0786

CVE.ORG link : CVE-2008-0786

JSON object : View

Products Affected

cacti

cacti

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

4.3 /10