5

CVE-2008-0784

Exploit
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CactiCacti Version0.6.7
CactiCacti Version0.8
CactiCacti Version0.8.1
CactiCacti Version0.8.2
CactiCacti Version0.8.2a
CactiCacti Version0.8.3
CactiCacti Version0.8.3a
CactiCacti Version0.8.4
CactiCacti Version0.8.5
CactiCacti Version0.8.5a
CactiCacti Version0.8.6c
CactiCacti Version0.8.6f
CactiCacti Version0.8.6i
CactiCacti Version0.8.6j
CactiCacti Version0.8.7
CactiCacti Version0.8.7a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.22% 0.803
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
http://secunia.com/advisories/28872
Vendor Advisory
http://secunia.com/advisories/28976
http://secunia.com/advisories/29274
http://security.gentoo.org/glsa/glsa-200803-18.xml
http://securityreason.com/securityalert/3657
http://www.cacti.net/release_notes_0_8_7b.php
Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
http://www.securityfocus.com/archive/1/488013/100/0/threaded
http://www.securityfocus.com/archive/1/488018/100/0/threaded
http://www.securityfocus.com/bid/27749
Patch
Exploit
http://www.securitytracker.com/id?1019414
http://www.vupen.com/english/advisories/2008/0540
https://bugzilla.redhat.com/show_bug.cgi?id=432758
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html