Lucene search

MitreCVELIST:CVE-2008-0786

HistoryFeb 14, 2008 - 10:00 p.m.

CVE-2008-0786

2008-02-1422:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

secunia.com/advisories/28872

secunia.com/advisories/28976

secunia.com/advisories/29242

secunia.com/advisories/29274

security.gentoo.org/glsa/glsa-200803-18.xml

securityreason.com/securityalert/3657

www.cacti.net/release_notes_0_8_7b.php

www.mandriva.com/security/advisories?name=MDVSA-2008:052

www.securityfocus.com/archive/1/488013/100/0/threaded

www.securityfocus.com/archive/1/488018/100/0/threaded

www.securityfocus.com/bid/27749

www.securitytracker.com/id?1019414

www.vupen.com/english/advisories/2008/0540

bugzilla.redhat.com/show_bug.cgi?id=432758

www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html