CVE-2007-3112 - graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to c

CVE-2007-3112

Summary

graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. The vendor

References

Vulnerable Configurations

cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

confirm	http://bugs.cacti.net/view.php?id=955 http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956
fedora	FEDORA-2007-2199
fulldisc	20070605 Cacti Denial of Service
mandriva	MDKSA-2007:184
misc	http://mdessus.free.fr/?p=15 https://bugzilla.redhat.com/show_bug.cgi?id=243592
osvdb	37019
secunia	25557 26872
xf	cacti-graphstart-graphend-dos(34747)

Last major update

29-07-2017 - 01:31

Published

07-06-2007 - 21:30

Last modified

29-07-2017 - 01:31