Vulnerability Details : CVE-2007-3112
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.
Vulnerability category: Denial of service
Products affected by CVE-2007-3112
- cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3112
- EPSS score: 10.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2007-3112
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
References for CVE-2007-3112
- http://fedoranews.org/updates/FEDORA-2007-219.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:184
  Mandriva
- https://bugzilla.redhat.com/show_bug.cgi?id=243592
  243592 – (CVE-2007-3113) CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
- http://bugs.cacti.net/view.php?id=955
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html
- http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956
  Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34747
  Cacti graph_image.php denial of service CVE-2007-3113 Vulnerability Report
- http://mdessus.free.fr/?p=15