Vulnerability Name: | CVE-2008-0786 (CCN-40454)
Assigned: | 2008-02-12
Published: | 2008-02-12
Updated: | 2018-10-15
Summary: | CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: | CWE-94
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2008-0786
Source: SUSE Type: UNKNOWN SUSE-SR:2008:005
Source: CCN Type: SA28872 Cacti Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 28872
Source: SECUNIA Type: UNKNOWN 28976
Source: SECUNIA Type: UNKNOWN 29242
Source: SECUNIA Type: UNKNOWN 29274
Source: GENTOO Type: UNKNOWN GLSA-200803-18
Source: SREASON Type: UNKNOWN 3657
Source: CCN Type: SECTRACK ID: 1019414 Cacti Input Validation Hole Permits Cross-Site Scripting Attacks and Input Validation Flaw Lets Remote Users Inject SQL Commands
Source: CCN Type: Cacti Web site Release Notes - 0.8.7b
Source: CONFIRM Type: Patch http://www.cacti.net/release_notes_0_8_7b.php
Source: CCN Type: GLSA-200803-18 Cacti: Multiple vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDVSA-2008:052
Source: CCN Type: OSVDB ID: 41741 Cacti Unspecified CRLF
Source: BUGTRAQ Type: UNKNOWN 20080212 cacti -- Multiple security vulnerabilities have been discovered
Source: BUGTRAQ Type: UNKNOWN 20080212 Cacti 0.8.7a Multiple Vulnerabilities
Source: BID Type: Patch 27749
Source: CCN Type: BID-27749 Cacti Multiple Input Validation Vulnerabilities
Source: SECTRACK Type: UNKNOWN 1019414
Source: VUPEN Type: UNKNOWN ADV-2008-0540
Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=432758
Source: XF Type: UNKNOWN cacti-unspecified-response-splitting(40454)
Source: FEDORA Type: UNKNOWN FEDORA-2008-1699
Source: FEDORA Type: UNKNOWN FEDORA-2008-1737
Source: CCN Type: SUSE-SR:2008:005 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable