logo
DATABASE RESOURCES PRICING ABOUT US

Cacti cross-site request forgery Vulnerability, CVE-2 0 1 4-2 3 2 7-the vulnerability warning-the black bar safety net

Description

Affected system: > Cacti Cacti 0.8.8 b Cacti Cacti 0.8.7 f Description: * * * BUGTRAQ ID: [6 6 3 9 2](<http://www.securityfocus.com/bid/66392>) CVE(CAN) ID: [CVE-2 0 1 4-2 3 2 7](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2327>) Cacti is a round Robin database, RRD tool, you can help from the database information to create a graphic, there are multiple Linux versions. Cacti 0.8.8 b and earlier version in the realization of the presence of cross-site request forgery vulnerability, which allows remote attackers to modify a binary file, modify the configuration or add any user request, the use of this vulnerability to hijack a user's authentication. <*source: Deutsche Telekom CERT Link:<http://secunia.com/advisories/57647> *> Recommendations: * * * Manufacturers patch: Cacti -- The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: <http://bugs.cacti.net/view.php?id=2431> <http://bugs.cacti.net/view.php?id=2405> [debian-bugs-dist@lists.debian.org](<http://www.mail-archive.com/%3Ca%20href=>)/msg1209356.html” target=”_blank”>http://www.mail-archive.com/[debian-bugs-dist@lists.debian.org](<mailto:debian-bugs-dist@lists.debian.org>)/msg1209356.html <http://www.securityfocus.com/archive/1/531588>


Related