| VID |
21674 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of Cacti older than 0.8.6e appears to be running on the host. Cacti is a Web-based frontend to RRDTool (Round Robin Database tool) for network graphing, written in PHP. Cacti versions prior to 0.8.6e contain multiple vulnerabilities that a remote attacker can exploit to execute arbitrary code, traverse directories, and conduct SQL injection attacks.
* References:
  * http://www.idefense.com/application/poi/display?id=265
  * http://www.idefense.com/application/poi/display?id=266
  * http://www.idefense.com/application/poi/display?id=267
  * http://www.securityfocus.com/archive/1/403174/30/0/threaded
* Platforms Affected:
  * Cacti versions prior to 0.8.6e
  * Linux, any version
  * Unix, any version |
| Recommendation |
Upgrade to the latest version of Cacti (0.8.6e or later), available from the Cacti Download Web page at http://www.cacti.net/download_cacti.php |
| Related URL |
CVE-2005-1524, CVE-2005-1525, CVE-2005-1526 (CVE) |
| Related URL |
14027, 14028, 14030, 14042 (SecurityFocus) |
| Related URL |
21118, 21119, 21120 (ISS) |
|