Lucene search

K
debianDebianDEBIAN:45D9EE4FE4D2257507CE07558320C581:9334B
HistoryJul 15, 2014 - 7:22 a.m.

cacti security update

2014-07-1507:22:31
lists.debian.org
18
cacti
security update
version 0.8.7g-1+squeeze4
cve-2014-2326
cross-site scripting
cross-site request forgery
sql injections
missing input sanitising

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.012

Percentile

85.7%

Package : cacti
Version : 0.8.7g-1+squeeze4
CVE ID : CVE-2014-2326 CVE-2014-2327 CVE-2014-2328
CVE-2014-2708 CVE-2014-2709 CVE-2014-4002
Debian Bug : 742768 743565 752573

Multiple security issues (cross-site scripting, cross-site request
forgery, SQL injections, missing input sanitising) have been found in
Cacti, a web frontend for RRDTool.

OSVersionArchitecturePackageVersionFilename
Debian7allcacti< 0.8.8a+dfsg-5+deb7u3cacti_0.8.8a+dfsg-5+deb7u3_all.deb
Debian6allcacti< 0.8.7g-1+squeeze4cacti_0.8.7g-1+squeeze4_all.deb

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.012

Percentile

85.7%