Lucene search

PRIOn knowledge basePRION:CVE-2014-2327

HistoryApr 23, 2014 - 3:55 p.m.

Cross site request forgery (csrf)

2014-04-2315:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

CPENameOperatorVersion
cactige0.8.7
cactile0.8.7
cactige0.8.8
cactile0.8.8
debian_linuxeq8.0
debian_linuxeq7.0
opensuseeq13.1
opensuseeq13.2

Name	Operator	Version
cacti	ge	0.8.7
cacti	le	0.8.7
cacti	ge	0.8.8
cacti	le	0.8.8
debian_linux	eq	8.0
debian_linux	eq	7.0
opensuse	eq	13.1
opensuse	eq	13.2

References

jvn.jp/en/jp/JVN55076671/index.html

jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html

lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

secunia.com/advisories/59203

www.debian.org/security/2014/dsa-2970

www.securityfocus.com/archive/1/531588

www.securityfocus.com/bid/66392

bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

security.gentoo.org/glsa/201509-03

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for PRION:CVE-2014-2327