CVE-2008-0786
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.cacti.net/release_notes_0_8_7b.php
- http://www.securityfocus.com/bid/27749
- http://www.securitytracker.com/id?1019414
- http://secunia.com/advisories/28872
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
- https://bugzilla.redhat.com/show_bug.cgi?id=432758
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://secunia.com/advisories/28976
- http://secunia.com/advisories/29242
- http://security.gentoo.org/glsa/glsa-200803-18.xml
- http://secunia.com/advisories/29274
- http://securityreason.com/securityalert/3657
- http://www.vupen.com/english/advisories/2008/0540
- http://www.securityfocus.com/archive/1/488018/100/0/threaded
- http://www.securityfocus.com/archive/1/488013/100/0/threaded