Vulnerability Details : CVE-2008-0786
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Products affected by CVE-2008-0786
- cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*
- cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0786
- EPSS score: 0.73% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-0786
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2008-0786
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0786
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:052 (Mandriva)
- http://securityreason.com/securityalert/3657 (Cacti 0.8.7a Multiple Vulnerabilities - CXSecurity.com)
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html ([SECURITY] Fedora 8 Update: cacti-0.8.7b-1.fc8)
- http://www.securityfocus.com/archive/1/488018/100/0/threaded
- http://www.securitytracker.com/id?1019414
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html ([SECURITY] Fedora 7 Update: cacti-0.8.7b-1.fc7)
- http://www.securityfocus.com/archive/1/488013/100/0/threaded
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html ([security-announce] SUSE Security Summary Report SUSE-SR:2008:005 - openSUSE Security Announce - openSUSE Mailing Lists)
- http://www.cacti.net/release_notes_0_8_7b.php [Patch]
- https://bugzilla.redhat.com/show_bug.cgi?id=432758 (432758 – (CVE-2008-0785) cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786))
- http://www.securityfocus.com/bid/27749 [Patch]
- http://security.gentoo.org/glsa/glsa-200803-18.xml (Cacti: Multiple vulnerabilities (GLSA 200803-18) — Gentoo security)
- http://www.vupen.com/english/advisories/2008/0540