7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.7%
Package : cacti
Version : 0.8.7g-1+squeeze6
CVE ID : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454
Several vulnerabilities (cross-site scripting and SQL injection) have
been discovered in Cacti, a web interface for graphing of monitoring
systems.
We recommend that you upgrade your cacti packages.
CVE-2015-2665
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d
allows remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
CVE-2015-4342
SQL Injection and Location header injection from cdef id
CVE-2015-4454
SQL injection vulnerability in the get_hash_graph_template function
in lib/functions.php in Cacti before 0.8.8d allows remote attackers
to execute arbitrary SQL commands via the graph_template_id
parameter to graph_templates.php
Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540
SQL injection vulnerability in the settings page
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | cacti | < 0.8.8b+dfsg-8+deb8u1 | cacti_0.8.8b+dfsg-8+deb8u1_all.deb |
Debian | 7 | all | cacti | < 0.8.8a+dfsg-5+deb7u5 | cacti_0.8.8a+dfsg-5+deb7u5_all.deb |
Debian | 6 | all | cacti | < 0.8.7g-1+squeeze6 | cacti_0.8.7g-1+squeeze6_all.deb |