ID CVE-2012-3448
Summary Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
References
Vulnerable Configurations
  • Ganglia Web 2.1.0
    cpe:2.3:a:ganglia:ganglia-web:2.1.0
  • Ganglia Web 2.1.1
    cpe:2.3:a:ganglia:ganglia-web:2.1.1
  • Ganglia Web 2.1.2
    cpe:2.3:a:ganglia:ganglia-web:2.1.2
  • Ganglia Web 2.1.3
    cpe:2.3:a:ganglia:ganglia-web:2.1.3
  • Ganglia Web 2.1.5
    cpe:2.3:a:ganglia:ganglia-web:2.1.5
  • Ganglia Web 2.1.6
    cpe:2.3:a:ganglia:ganglia-web:2.1.6
  • Ganglia Web 2.1.7
    cpe:2.3:a:ganglia:ganglia-web:2.1.7
  • Ganglia Web 2.1.8
    cpe:2.3:a:ganglia:ganglia-web:2.1.8
  • Ganglia Web 2.2.0
    cpe:2.3:a:ganglia:ganglia-web:2.2.0
  • Ganglia Web 3.3.0
    cpe:2.3:a:ganglia:ganglia-web:3.3.0
  • Ganglia Web 3.3.1
    cpe:2.3:a:ganglia:ganglia-web:3.3.1
  • Ganglia Web 3.4.1
    cpe:2.3:a:ganglia:ganglia-web:3.4.1
  • Ganglia Web 3.4.2
    cpe:2.3:a:ganglia:ganglia-web:3.4.2
  • Ganglia Web 3.5.0
    cpe:2.3:a:ganglia:ganglia-web:3.5.0
CVSS
Base: 7.5 (as of 07-08-2012 - 16:22)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
exploit-db via4
description Ganglia Web Frontend < 3.5.1 - PHP Code Execution. CVE-2012-3448. Webapps exploit for php platform
file exploits/php/webapps/38030.php
id EDB-ID:38030
last seen 2016-02-04
modified 2015-08-31
platform php
port
published 2015-08-31
reporter Andrei Costin
source https://www.exploit-db.com/download/38030/
title Ganglia Web Frontend < 3.5.1 - PHP Code Execution
type webapps
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10727.NASL
    description Fix for arbitrary PHP file execution. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-20
    plugin id 60123
    published 2012-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60123
    title Fedora 16 : ganglia-3.1.7-5.fc16 (2012-10727)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10699.NASL
    description Fix for arbitrary PHP file execution. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2015-10-20
    plugin id 60122
    published 2012-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60122
    title Fedora 17 : ganglia-3.1.7-6.fc17 (2012-10699)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012). Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Packages: EGroupware, VTE, Layer Four Traceroute (LFT), Suhosin, Slock, Ganglia, Jabber to GaduGadu Gateway. Impact: A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround: There is no known workaround at this time.
    last seen 2018-09-02
    modified 2015-04-13
    plugin id 79963
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79963
    title GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2610.NASL
    description Insufficient input sanitization in Ganglia, a web-based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 63640
    published 2013-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63640
    title Debian DSA-2610-1 : ganglia - arbitrary script execution
packetstorm via4
data source https://packetstormsecurity.com/files/download/133379/ganglia-exec.txt
id PACKETSTORM:133379
last seen 2016-12-05
published 2015-08-31
reporter Andrei Costin
source https://packetstormsecurity.com/files/133379/Ganglia-Web-Frontend-PHP-Code-Execution.html
title Ganglia Web Frontend PHP Code Execution
refmap via4
bid 54699
confirm
debian DSA-2610
fedora
  • FEDORA-2012-10699
  • FEDORA-2012-10727
misc
mlist [oss-security] 20120801 Re: CVE request: Ganglia Web 3.5.1
secunia 50047
Last major update 02-02-2013 - 00:05
Published 06-08-2012 - 14:55
Last modified 03-08-2018 - 21:29