Lucene search

GoogleOSV:DLA-40-1

HistoryAug 22, 2014 - 12:00 a.m.

cacti - security update

2014-08-2200:00:00

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

61.9%

JSON

Multiple security issues (cross-site scripting, missing input sanitizing
and SQL injection) have been discovered in Cacti, a web interface for
graphing of monitoring systems.

Furthermore, the fix for CVE-2014-4002 in the previous security update
has been brought in-line with the upstream fix as it caused a
regression for people using the plug-in system.

For Debian 6 Squeeze, these issues have been fixed in cacti version 0.8.7g-1+squeeze5

CPENameOperatorVersion
cactieq0.8.7g-1
cactieq0.8.7g-1+squeeze1
cactieq0.8.7g-1+squeeze2
cactieq0.8.7g-1+squeeze3
cactieq0.8.7g-1+squeeze4

Name	Operator	Version
cacti	eq	0.8.7g-1
cacti	eq	0.8.7g-1+squeeze1
cacti	eq	0.8.7g-1+squeeze2
cacti	eq	0.8.7g-1+squeeze3
cacti	eq	0.8.7g-1+squeeze4

References

www.debian.org/lts/security/2014/dla-40

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

61.9%

JSON

Related for OSV:DLA-40-1