Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0786

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0786
Last Modified 07 Mar 2011 10:05:27
Published 14 Feb 2008 06:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0786

Summary

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Systems

Application

  • Cacti 0.6.7

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6c

  • Cacti 0.8.6f

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.7

  • Cacti 0.8.7a


References

BID - 27749

CONFIRM - http://www.cacti.net/release_notes_0_8_7b.php

VUPEN - ADV-2008-0540

SECTRACK - 1019414

BUGTRAQ - 20080212 Cacti 0.8.7a Multiple Vulnerabilities

BUGTRAQ - 20080212 cacti -- Multiple security vulnerabilities have been discovered

SECUNIA - 28872

FEDORA - FEDORA-2008-1737

FEDORA - FEDORA-2008-1699

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=432758

MANDRIVA - MDVSA-2008:052

SREASON - 3657

GENTOO - GLSA-200803-18

SECUNIA - 29274

SECUNIA - 29242

SECUNIA - 28976

SUSE - SUSE-SR:2008:005


Last Updated: 27 May 2016 10:46:56