Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2009-4032
Last Modified: 15 Feb 2012 12:00:00
Published: 29 Nov 2009 08:07:34
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-4032

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

Vulnerable Systems

Application

  • Cacti 0.8.7e


References

VUPEN - ADV-2009-3325

BID - 37109

MLIST - [oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e

MLIST - [oss-security] 20091125 CVE Request - Cacti - 0.8.7e

CONFIRM - http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch

CONFIRM - http://docs.cacti.net/#cross-site_scripting_fixes

FEDORA - FEDORA-2009-12560

FEDORA - FEDORA-2009-12575

REDHAT - RHSA-2010:0635

XF - cacti-name-xss(54388)

BUGTRAQ - 20091126 Cacti 0.8.7e: Multiple security issues

OSVDB - 60483

MLIST - [oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e

MLIST - [oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e

CONFIRM - http://www.cacti.net/download_patches.php

SECUNIA - 41041

SECUNIA - 38087

SECUNIA - 37934

SECUNIA - 37481

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=294573

FULLDISC - 20091125 Cacti 0.8.7e: Multiple security issues

VUPEN - ADV-2010-2132


Last Updated: 27 May 2016 10:58:16