Cacti < 0.8.8c Multiple Vulnerabilities. Application affected by multiple vulnerabilities including XSS, SQL injection, XSRF, and improper escaping of shell metacharacters
Reporter | Title | Published | Views | Family All 141 |
---|---|---|---|---|
OpenVAS | Fedora Update for cacti FEDORA-2014-4928 | 21 Apr 201400:00 | – | openvas |
OpenVAS | Fedora Update for cacti FEDORA-2014-4928 | 21 Apr 201400:00 | – | openvas |
OpenVAS | Fedora Update for cacti FEDORA-2014-7849 | 15 Jul 201400:00 | – | openvas |
OpenVAS | Gentoo Security Advisory GLSA 201509-03 | 29 Sep 201500:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 2970-1 (cacti - security update) | 29 Jun 201400:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-2970-1) | 28 Jun 201400:00 | – | openvas |
OpenVAS | Fedora Update for cacti FEDORA-2014-4892 | 21 Apr 201400:00 | – | openvas |
OpenVAS | Amazon Linux: Security Advisory (ALAS-2014-347) | 8 Sep 201500:00 | – | openvas |
OpenVAS | Fedora Update for cacti FEDORA-2014-4892 | 21 Apr 201400:00 | – | openvas |
OpenVAS | Fedora Update for cacti FEDORA-2014-7836 | 15 Jul 201400:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(81603);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/24");
script_cve_id(
"CVE-2013-5588",
"CVE-2013-5589",
"CVE-2014-2326",
"CVE-2014-2327",
"CVE-2014-2328",
"CVE-2014-2708",
"CVE-2014-2709",
"CVE-2014-4002",
"CVE-2014-5025",
"CVE-2014-5026"
);
script_bugtraq_id(
62001,
62005,
66387,
66390,
66392,
66555,
66630,
68257,
68759
);
script_name(english:"Cacti < 0.8.8c Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a PHP application that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Cacti application
running on the remote web server is prior to version 0.8.8c. It is,
therefore, potentially affected by the following vulnerabilities :
- Multiple XSS vulnerabilities exist in the 'step'
parameter to 'install/index.php' and the 'id'
parameter in 'cacti/host.php'. (CVE-2013-5588)
- A SQL injection vulnerability in the 'id' parameter to
'cacti/host.php' could allow remote attackers to inject
arbitrary SQL commands. (CVE-2013-5589)
- An XSS vulnerability exists via unspecified vectors to
'cdef.php'. (CVE-2014-2326)
- A XSRF vulnerability exists that allows remote attackers
to hijack the authentication of users for unspecified
commands. (CVE-2014-2327)
- A flaw exists in 'lib/graph_export.php' that allows
remote authenticated users to execute arbitrary commands
via shell metacharacters in unspecified vectors.
(CVE-2014-2328)
- Multiple SQL injection vulnerabilities exist in
'graph_xport.php' which allow remote attackers to inject
arbitrary SQL commands. (CVE-2014-2708)
- Improper escaping of shell metacharacters in unspecified
parameters allows remote attackers to execute arbitrary
commands. (CVE-2014-2709)
- Multiple XSS vulnerabilities exist that allow attackers
to inject arbitrary script data using the 'drp_action',
'graph_template_input_id', and 'graph_template_id'
parameters to various PHP scripts. (CVE-2014-4002)
- A XSS vulnerability exists in 'data_sources.php' which
allows a remote, authenticated user with console access
to inject arbitrary script data via the 'name_cache'
parameter in a ds_edit action. (CVE-2014-5025)
- Multiple XSS vulnerabilities exists that allow attackers
to inject arbitrary script data via 'Graph Tree Title',
'CDEF Name', 'Data Input Method Name', 'Host Templates
Name', 'Data Source Title', 'Graph Title', or 'Graph
Template Name' when carried out under delete, edit, or
duplicate actions. (CVE-2014-5026)");
script_set_attribute(attribute:"see_also", value:"http://www.cacti.net/release_notes_0_8_8c.php");
script_set_attribute(attribute:"solution", value:
"Upgrade to Cacti 0.8.8c or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/20");
script_set_attribute(attribute:"patch_publication_date", value:"2014/11/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/03");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cacti:cacti");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cacti_detect.nbin");
script_require_keys("www/PHP", "installed_sw/cacti", "Settings/ParanoidReport");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
app = 'cacti';
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:80, php:TRUE);
install = get_single_install(
app_name : app,
port : port,
exit_if_unknown_ver : TRUE
);
install_url = build_url(qs:install['path'], port:port);
version = install['version'];
# Versions < 0.8.8c are affected.
ver = split(version, sep:'.', keep:FALSE);
if (
int(ver[0]) == 0 &&
(
int(ver[1]) < 8 ||
(int(ver[1]) == 8 && ver[2] =~ '^([0-7][a-z]?|8[ab]?)$')
)
)
{
set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);
set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
if (report_verbosity > 0)
{
report = '\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed version : 0.8.8c' +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
audit(AUDIT_WEB_APP_NOT_AFFECTED, "Cacti", install_url, version);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo