OSV:DLA-40-1
Aug 22, 2014 - 12:00 a.m.

cacti - security update

Source: Google (osv.dev)

EPSS: 0.002 (percentile: 65.0%)

Multiple security issues (cross-site scripting, missing input sanitizing
and SQL injection) have been discovered in Cacti, a web interface for
graphing of monitoring systems.

Furthermore, the fix for CVE-2014-4002 in the previous security update
has been brought in-line with the upstream fix as it caused a
regression for people using the plug-in system.

For Debian 6 Squeeze, these issues have been fixed in cacti version 0.8.7g-1+squeeze5