Lucene search

AmazonALAS-2014-381

HistoryJul 23, 2014 - 1:54 p.m.

Medium: cacti

2014-07-2313:54:00

alas.aws.amazon.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.6%

JSON

Issue Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.

Affected Packages:

cacti

Issue Correction:
Run yum update cacti to update your system.

New Packages:

noarch:  
    cacti-0.8.8b-7.5.amzn1.noarch  
  
src:  
    cacti-0.8.8b-7.5.amzn1.src

Additional References

Red Hat: CVE-2014-4002

Mitre: CVE-2014-4002

OSVersionArchitecturePackageVersionFilename
Amazon Linux1noarchcacti< 0.8.8b-7.5.amzn1cacti-0.8.8b-7.5.amzn1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	noarch	cacti	< 0.8.8b-7.5.amzn1	cacti-0.8.8b-7.5.amzn1.noarch.rpm

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.6%

JSON

Related for ALAS-2014-381