All the vulnerabilities related to The Cacti Group - Cacti
jvndb-2009-003901
Vulnerability from jvndb
Published
2015-07-09 14:41
Modified
2015-07-09 14:41
Severity
CVSS v2.0 Base 4.3 (Medium) - AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
Cacti vulnerable to cross-site scripting
Details
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in graph_view.php. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
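The Cacti Group - Cacti (this entry does not list affected Cacti versions; the "@version": "2.2" value under "sec:cpe" in the record below is the CPE naming-format version, not a Cacti release)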


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-003901.html",
  "dc:date": "2015-07-09T14:41+09:00",
  "dcterms:issued": "2015-07-09T14:41+09:00",
  "dcterms:modified": "2015-07-09T14:41+09:00",
  "description": "Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in graph_view.php.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-003901.html",
  "sec:cpe": {
    "#text": "cpe:/a:cacti:cacti",
    "@product": "Cacti",
    "@vendor": "The Cacti Group",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-003901",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN09758120/index.html",
      "@id": "JVN#09758120",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4032",
      "@id": "CVE-2009-4032",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4032",
      "@id": "CVE-2009-4032",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cacti vulnerable to cross-site scripting"
}

jvndb-2015-000064
Vulnerability from jvndb
Published
2015-05-14 13:39
Modified
2015-05-25 15:29
Severity
CVSS v2.0 Base 6.5 (Medium) - AV:N/AC:L/Au:S/C:P/I:P/A:P
Summary
Cacti vulnerable to SQL injection
Details
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'local_graph_id' in graph.php. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
The Cacti Group - Cacti


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000064.html",
  "dc:date": "2015-05-25T15:29+09:00",
  "dcterms:issued": "2015-05-14T13:39+09:00",
  "dcterms:modified": "2015-05-25T15:29+09:00",
  "description": "Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for \u0027local_graph_id\u0027 in graph.php.\r\n\r\nDaiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000064.html",
  "sec:cpe": {
    "#text": "cpe:/a:cacti:cacti",
    "@product": "Cacti",
    "@vendor": "The Cacti Group",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.5",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000064",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN18957556/index.html",
      "@id": "JVN#18957556",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0916",
      "@id": "CVE-2015-0916",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0916",
      "@id": "CVE-2015-0916",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Cacti vulnerable to SQL injection"
}

jvndb-2014-002239
Vulnerability from jvndb
Published
2015-07-09 14:41
Modified
2015-07-09 14:41
Severity
CVSS v2.0 Base 4.0 (Medium) - AV:N/AC:H/Au:N/C:P/I:P/A:N
Summary
Cacti vulnerable to cross-site request forgery
Details
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability (CWE-352). Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
The Cacti Group - Cacti


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002239.html",
  "dc:date": "2015-07-09T14:41+09:00",
  "dcterms:issued": "2015-07-09T14:41+09:00",
  "dcterms:modified": "2015-07-09T14:41+09:00",
  "description": "Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-002239.html",
  "sec:cpe": {
    "#text": "cpe:/a:cacti:cacti",
    "@product": "Cacti",
    "@vendor": "The Cacti Group",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-002239",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN55076671/index.html",
      "@id": "JVN#55076671",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2327",
      "@id": "CVE-2014-2327",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2327",
      "@id": "CVE-2014-2327",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Cacti vulnerable to cross-site request forgery"
}

jvndb-2015-000094
Vulnerability from jvndb
Published
2015-07-09 14:41
Modified
2015-07-14 18:03
Severity
CVSS v2.0 Base 2.6 (Low) - AV:N/AC:H/Au:N/C:N/I:P/A:N
Summary
Cacti vulnerable to cross-site scripting
Details
Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in settings.php. Daiki Fukumori of Cyber Defense Institute, Inc. and Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
The Cacti Group - Cacti


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000094.html",
  "dc:date": "2015-07-14T18:03+09:00",
  "dcterms:issued": "2015-07-09T14:41+09:00",
  "dcterms:modified": "2015-07-14T18:03+09:00",
  "description": "Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in settings.php.\r\n\r\nDaiki Fukumori of Cyber Defense Institute, Inc. and Masako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000094.html",
  "sec:cpe": {
    "#text": "cpe:/a:cacti:cacti",
    "@product": "Cacti",
    "@vendor": "The Cacti Group",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000094",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN78187936/index.html",
      "@id": "JVN#78187936",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2967",
      "@id": "CVE-2015-2967",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2967",
      "@id": "CVE-2015-2967",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cacti vulnerable to cross-site scripting"
}

var-201506-0385
Vulnerability from variot

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Cacti is an open source network traffic monitoring and analysis tool from Cacti Group. The tool uses snmpget to get data, RRDtool to draw graphics for analysis, and provides data and user management capabilities. Cacti is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-3295-1    security@debian.org
https://www.debian.org/security/    Salvatore Bonaccorso
June 24, 2015    https://www.debian.org/security/faq


Package : cacti
CVE ID : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454

Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

For the oldstable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u5.

For the stable distribution (jessie), these problems have been fixed in version 0.8.8b+dfsg-8+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 0.8.8d+ds1-1.

We recommend that you upgrade your cacti packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVivszAAoJEAVMuPMTQ89Eq+sP/2jqe/IKVQwUxnJEY1w6hCRY S5kVRgGIW+e6WZnuIqTXWcELC+XhmOWv1F2McC7SJXclV7eMIlae/JwKb47XFVAX 1Nw1NlK+LZlbm23pqTv0ao8a0REhqkhMMENs/Ss1P2QFHxSCAqcoyXQ2wvTLwfXR 8Bm1qV12pHDd0TZG5gInNVncWL13sFIs8Fx0+psLyFa3yh2u5nbylVM2XNa3XTOn YtG4OnWkBrinpXtJ9S3XfF3JTUgMv0WLoK0ZD105GKJnxDWwsalDgFqkInGoYX6R oA/USy1LgX98s19tRKYhgadyl4FcUF62SR6arhPkLQdH3RX8uuZEs8/ozY6u4WSp 24Fsq4x+4M+9tUwNVwOgZ6+pCPkul3tSTfnxE7uao09JCQmD6QuEqbuJObEexnqz xm4JU3d0nXhLl7CGXdgMr4Cs4B+zRW/yCXyBQkbq72BhBPQE/70c1ze+sIdpCJI8 a3seNpa40kvEUQfxin7+itkfJhz2g1beRUsHclSTz8YrBD3iz79hnhlzJPte5H4z WDBXrNkxKnBQMTkhaTufT+NdnlkcxFPbr6HEW70Px/WNPsSca469NGyHy+u9QZM/ oM78VdKjP4AGKzBBY4HYplkbhRAgfF67Wdg0M5GZ8VRuh0knbogeau+srUTj16BO ZUkO3AskyvyalG1tCSsy =OST/ -----END PGP SIGNATURE-----



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0385",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fedoraproject",
        "version": "23"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fedoraproject",
        "version": "24"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "cacti",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cacti",
        "version": "0.8.8c"
      },
      {
        "model": "cacti",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the cacti group",
        "version": "0.8.8d"
      },
      {
        "model": "\u003c0.8.8d",
        "scope": null,
        "trust": 0.6,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "technology wsw-2401 h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "planet",
        "version": "0.8.6"
      },
      {
        "model": "technology wsw-2401 g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "planet",
        "version": "0.8.6"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.7"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.6"
      },
      {
        "model": "c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.6"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.5"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.5"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.4"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.3"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.3"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.2"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.2"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8.1"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.8"
      },
      {
        "model": "cacti",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cacti",
        "version": "0.6.7"
      },
      {
        "model": "0.8.7i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7h",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7f",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7e",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7d",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7c",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.7a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.6k",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.6j",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      },
      {
        "model": "0.8.6i",
        "scope": null,
        "trust": 0.3,
        "vendor": "cacti",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "BID",
        "id": "75108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cacti:cacti",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unhex",
    "sources": [
      {
        "db": "BID",
        "id": "75108"
      },
      {
        "db": "PACKETSTORM",
        "id": "132224"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-4342",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-4342",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-03938",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4342",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4342",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-03938",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-324",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Cacti is an open source network traffic monitoring and analysis tool from Cacti Group. The tool uses snmpget to get data, RRDtool to draw graphics for analysis, and provides data and user management capabilities. Cacti is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3295-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nJune 24, 2015                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : cacti\nCVE ID         : CVE-2015-2665 CVE-2015-4342 CVE-2015-4454\n\nSeveral vulnerabilities (cross-site scripting and SQL injection) have\nbeen discovered in Cacti, a web interface for graphing of monitoring\nsystems. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 0.8.8a+dfsg-5+deb7u5. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.8.8b+dfsg-8+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8d+ds1-1. \n\nWe recommend that you upgrade your cacti packages. 
\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJVivszAAoJEAVMuPMTQ89Eq+sP/2jqe/IKVQwUxnJEY1w6hCRY\nS5kVRgGIW+e6WZnuIqTXWcELC+XhmOWv1F2McC7SJXclV7eMIlae/JwKb47XFVAX\n1Nw1NlK+LZlbm23pqTv0ao8a0REhqkhMMENs/Ss1P2QFHxSCAqcoyXQ2wvTLwfXR\n8Bm1qV12pHDd0TZG5gInNVncWL13sFIs8Fx0+psLyFa3yh2u5nbylVM2XNa3XTOn\nYtG4OnWkBrinpXtJ9S3XfF3JTUgMv0WLoK0ZD105GKJnxDWwsalDgFqkInGoYX6R\noA/USy1LgX98s19tRKYhgadyl4FcUF62SR6arhPkLQdH3RX8uuZEs8/ozY6u4WSp\n24Fsq4x+4M+9tUwNVwOgZ6+pCPkul3tSTfnxE7uao09JCQmD6QuEqbuJObEexnqz\nxm4JU3d0nXhLl7CGXdgMr4Cs4B+zRW/yCXyBQkbq72BhBPQE/70c1ze+sIdpCJI8\na3seNpa40kvEUQfxin7+itkfJhz2g1beRUsHclSTz8YrBD3iz79hnhlzJPte5H4z\nWDBXrNkxKnBQMTkhaTufT+NdnlkcxFPbr6HEW70Px/WNPsSca469NGyHy+u9QZM/\noM78VdKjP4AGKzBBY4HYplkbhRAgfF67Wdg0M5GZ8VRuh0knbogeau+srUTj16BO\nZUkO3AskyvyalG1tCSsy\n=OST/\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "BID",
        "id": "75108"
      },
      {
        "db": "PACKETSTORM",
        "id": "132429"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4342",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "132224",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "75108",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1032672",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "132429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "BID",
        "id": "75108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "PACKETSTORM",
        "id": "132224"
      },
      {
        "db": "PACKETSTORM",
        "id": "132429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "id": "VAR-201506-0385",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:55:11.845000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Release Notes - 0.8.8d",
        "trust": 0.8,
        "url": "http://www.cacti.net/release_notes_0_8_8d.php"
      },
      {
        "title": "Bug Reporting",
        "trust": 0.8,
        "url": "http://bugs.cacti.net/main_page.php"
      },
      {
        "title": "Patch for Cacti SQL Injection Vulnerability (CNVD-2015-03938)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/59936"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://packetstormsecurity.com/files/132224/cacti-sql-injection-header-injection.html"
      },
      {
        "trust": 1.9,
        "url": "http://seclists.org/fulldisclosure/2015/jun/19"
      },
      {
        "trust": 1.9,
        "url": "http://www.cacti.net/release_notes_0_8_8d.php"
      },
      {
        "trust": 1.7,
        "url": "http://bugs.cacti.net/view.php?id=2571"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00052.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.debian.org/security/2015/dsa-3295"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1032672"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183919.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183449.html"
      },
      {
        "trust": 1.0,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183454.html"
      },
      {
        "trust": 1.0,
        "url": "https://bugzilla.suse.com/show_bug.cgi?id=934187"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/75108"
      },
      {
        "trust": 1.0,
        "url": "https://www.suse.com/security/cve/cve-2015-4342.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4342"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4342"
      },
      {
        "trust": 0.3,
        "url": "http://cacti.net/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4342"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.cacti.net/view.php?id=2571#c6864"
      },
      {
        "trust": 0.1,
        "url": "http://www.dbappsecurity.com.cn/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2665"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4454"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "BID",
        "id": "75108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "PACKETSTORM",
        "id": "132224"
      },
      {
        "db": "PACKETSTORM",
        "id": "132429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "db": "BID",
        "id": "75108"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "db": "PACKETSTORM",
        "id": "132224"
      },
      {
        "db": "PACKETSTORM",
        "id": "132429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "date": "2015-06-09T00:00:00",
        "db": "BID",
        "id": "75108"
      },
      {
        "date": "2015-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "date": "2015-06-09T17:22:22",
        "db": "PACKETSTORM",
        "id": "132224"
      },
      {
        "date": "2015-06-25T02:36:27",
        "db": "PACKETSTORM",
        "id": "132429"
      },
      {
        "date": "2015-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "date": "2015-06-17T18:59:07.407000",
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03938"
      },
      {
        "date": "2015-07-14T23:45:00",
        "db": "BID",
        "id": "75108"
      },
      {
        "date": "2015-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      },
      {
        "date": "2015-06-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      },
      {
        "date": "2024-11-21T02:30:51.693000",
        "db": "NVD",
        "id": "CVE-2015-4342"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Cacti",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003192"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-324"
      }
    ],
    "trust": 0.7
  }
}