Lucene search

K
amazonAmazonALAS-2013-222
HistorySep 04, 2013 - 1:33 p.m.

Medium: cacti

2013-09-0413:33:00
alas.aws.amazon.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.4%

Issue Overview:

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Packages:

cacti

Issue Correction:
Run yum update cacti to update your system.

New Packages:

noarch:  
    cacti-0.8.8b-2.10.amzn1.noarch  
  
src:  
    cacti-0.8.8b-2.10.amzn1.src  

Additional References

Red Hat: CVE-2013-1434, CVE-2013-1435

Mitre: CVE-2013-1434, CVE-2013-1435

OSVersionArchitecturePackageVersionFilename
Amazon Linux1noarchcacti< 0.8.8b-2.10.amzn1cacti-0.8.8b-2.10.amzn1.noarch.rpm

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.4%