CVE-2008-0786

EPSS 1.01%
Published 14.02.2008 23:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 20

Data is provided by the National Vulnerability Database (NVD)

Cacti ≫ Cacti Version0.6.7

Cacti ≫ Cacti Version0.8

Cacti ≫ Cacti Version0.8.1

Cacti ≫ Cacti Version0.8.2

Cacti ≫ Cacti Version0.8.2a

Cacti ≫ Cacti Version0.8.3

Cacti ≫ Cacti Version0.8.3a

Cacti ≫ Cacti Version0.8.4

Cacti ≫ Cacti Version0.8.5

Cacti ≫ Cacti Version0.8.5a

Cacti ≫ Cacti Version0.8.6c

Cacti ≫ Cacti Version0.8.6f

Cacti ≫ Cacti Version0.8.6i

Cacti ≫ Cacti Version0.8.6j

Cacti ≫ Cacti Version0.8.7

Cacti ≫ Cacti Version0.8.7a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.01%	0.762

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

http://secunia.com/advisories/29242

http://secunia.com/advisories/28872

Vendor Advisory

http://secunia.com/advisories/28976

http://secunia.com/advisories/29274

http://security.gentoo.org/glsa/glsa-200803-18.xml

http://securityreason.com/securityalert/3657

http://www.cacti.net/release_notes_0_8_7b.php

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2008:052

http://www.securityfocus.com/archive/1/488013/100/0/threaded