Lucene search

K
osvGoogleOSV:DLA-255-1
HistoryJun 27, 2015 - 12:00 a.m.

cacti - security update

2015-06-2700:00:00
Google
osv.dev
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

76.3%

Several vulnerabilities (cross-site scripting and SQL injection) have
been discovered in Cacti, a web interface for graphing of monitoring
systems.

We recommend that you upgrade your cacti packages.

  • CVE-2015-2665
    Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d
    allows remote attackers to inject arbitrary web script or HTML via
    unspecified vectors.

  • CVE-2015-4342
    SQL Injection and Location header injection from cdef id

  • CVE-2015-4454
    SQL injection vulnerability in the get_hash_graph_template function
    in lib/functions.php in Cacti before 0.8.8d allows remote attackers
    to execute arbitrary SQL commands via the graph_template_id
    parameter to graph_templates.php

  • Unassigned CVE SQL injection VN:JVN#78187936 / TN:JPCERT#98968540

SQL injection vulnerability in the settings page

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

76.3%