CVE-2008-0786 — Code Injection in Cacti

CWE-94 — Code Injection6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedFeb 14

Latest updateMay 1

Description

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.7b-1 (bookworm)

▶Debiancacti/cacti< 0.8.7b-1+3

▶NVDcacti/cacti16 versions+15

Patches

Patch: www.cacti.net ↗Patch: www.securityfocus.com ↗Patch: www.cacti.net ↗

🔴Vulnerability Details

GHSA

GHSA-9m4h-7g4v-j826: CRLF injection vulnerability in Cacti 0↗2022-05-01

▶

OSV

CVE-2008-0786: CRLF injection vulnerability in Cacti 0↗2008-02-14

▶

📋Vendor Advisories

Debian

CVE-2008-0786: cacti - CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6...↗2008

▶

Red Hat

cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786)↗

▶

💬Community

Bugzilla

cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786)↗2008-02-14

▶