fkie_cve-2008-0784
Vulnerability from fkie_nvd
Published
2008-02-14 23:00
Modified
2025-04-09 00:30
Severity ?
Summary
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
cve@mitre.orghttp://secunia.com/advisories/28872Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28976
cve@mitre.orghttp://secunia.com/advisories/29242
cve@mitre.orghttp://secunia.com/advisories/29274
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200803-18.xml
cve@mitre.orghttp://securityreason.com/securityalert/3657
cve@mitre.orghttp://www.cacti.net/release_notes_0_8_7b.phpPatch
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:052
cve@mitre.orghttp://www.securityfocus.com/archive/1/488013/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/488018/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/27749Exploit, Patch
cve@mitre.orghttp://www.securitytracker.com/id?1019414
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0540
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=432758
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28872Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28976
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29242
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29274
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200803-18.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3657
af854a3a-2127-422b-91ae-364da2661108http://www.cacti.net/release_notes_0_8_7b.phpPatch
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488013/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488018/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27749Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019414
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0540
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=432758
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
Impacted products
Vendor Product Version
cacti cacti 0.6.7
cacti cacti 0.8
cacti cacti 0.8.1
cacti cacti 0.8.2
cacti cacti 0.8.2a
cacti cacti 0.8.3
cacti cacti 0.8.3a
cacti cacti 0.8.4
cacti cacti 0.8.5
cacti cacti 0.8.5a
cacti cacti 0.8.6c
cacti cacti 0.8.6f
cacti cacti 0.8.6i
cacti cacti 0.8.6j
cacti cacti 0.8.7
cacti cacti 0.8.7a


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4611FB4-7B8D-4DCA-9BFC-87585E16129B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44E0187-3577-4770-8D76-10F64F6400B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E6282B-B403-45AD-B1EC-82257EEA1A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0936E4B2-D89C-44B3-9082-77FA369BA280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1257552-9117-45EE-B77C-00879E1FC67B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA380DC2-2392-413E-AC7A-F8B854EA3108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B530A944-0A71-4F88-AAE6-3844364FB098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C554AE-AE7A-48B1-A1FF-E8E7691EA344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25541421-4A87-43BF-86D7-E1377CE3C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "301E2B13-D410-4B26-9A47-F90343F47C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE910AB1-7D04-4743-9963-BBA191EE4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB41A3C5-D03A-4B1F-B841-A9F5021A59F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D62D429-7BDE-47DE-B466-0732DAC3F70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "6893355E-2F64-416D-9AED-898E6D1123F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191A8F3B-EDFA-47AA-B7B1-95B4C05AFD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A8C1715-DCA1-4C83-B817-9366172CFC1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Graph.php en Cacti 0.8.7 anterior a 0.8.7b y  0.8.6 anterior a 0.8.6k, permite a atacantes remotos obtener la ruta completa a trav\u00e9s de un par\u00e1metro local_graph_id inv\u00e1lido y otros vectores no especificados."
    }
  ],
  "id": "CVE-2008-0784",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-14T23:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28976"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29274"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200803-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cacti.net/release_notes_0_8_7b.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:052"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488013/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488018/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019414"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0540"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432758"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200803-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cacti.net/release_notes_0_8_7b.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488013/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488018/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.