Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2005-2149
Last Modified 07 Mar 2011 09:23:29
Published 06 Jul 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2149

Summary

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.

Vulnerable Systems

Application

  • The Cacti Group Cacti 0.8

  • The Cacti Group Cacti 0.8.1

  • The Cacti Group Cacti 0.8.2

  • The Cacti Group Cacti 0.8.2a

  • The Cacti Group Cacti 0.8.3

  • The Cacti Group Cacti 0.8.3a

  • The Cacti Group Cacti 0.8.4

  • The Cacti Group Cacti 0.8.5

  • The Cacti Group Cacti 0.8.5a

  • The Cacti Group Cacti 0.8.6

  • The Cacti Group Cacti 0.8.6a

  • The Cacti Group Cacti 0.8.6b

  • The Cacti Group Cacti 0.8.6c

  • The Cacti Group Cacti 0.8.6d

  • The Cacti Group Cacti 0.8.6e


References

MISC - http://www.hardened-php.net/advisory-052005.php

CONFIRM - http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch

MLIST - [cacti-announce] 20050701 Cacti 0.8.6f Released

VUPEN - ADV-2005-0951

BUGTRAQ - 20050702 Advisory 05/2005: Cacti Authentification/Addslashes Bypass Vulnerability

BID - 14130

DEBIAN - DSA-764

SECTRACK - 1014361


Last Updated: 27 May 2016 10:40:24