CVE-2012-2104
Published 2012-08-26
Priority P3 · 42 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.08% (91.3th percentile)
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
| debian | munin | < munin 2.0~rc6-1 (bookworm) | munin 2.0~rc6-1 (bookworm) |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 MEDIUM
GHSA
GHSA-3pm4-hp5q-g8qj: cgi-bin/munin-cgi-graph in Munin 2
ghsa_unreviewed·2022-05-14
CVE-2012-2104 [MEDIUM] CWE-20 GHSA-3pm4-hp5q-g8qj: cgi-bin/munin-cgi-graph in Munin 2
OSV
CVE-2012-2104: cgi-bin/munin-cgi-graph in Munin 2
osv·2012-08-26·CVSS 6.8
CVE-2012-2104 [MEDIUM] CVE-2012-2104: cgi-bin/munin-cgi-graph in Munin 2
Debian
CVE-2012-2104: munin - cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizin...
vendor_debian·2012·CVSS 6.8
CVE-2012-2104 [MEDIUM] CVE-2012-2104: munin - cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizin...
Scope: local
bookworm: resolved (fixed in 2.0~rc6-1)
bullseye: resolved (fixed in 2.0~rc6-1)
forky: resolved (fixed in 2.0~rc6-1)
sid: resolved (fixed in 2.0~rc6-1)
trixie: resolved (fixed in 2.0~rc6-1)
Citrix
Citrix SD-WAN Multiple Security Updates
vendor_citrix·CVSS 6.8
CVE-2012-2104 [MEDIUM] Citrix SD-WAN Multiple Security Updates
of Problem
Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to compromise the host. The vulnerabilities have been assigned the following CVE numbers.
CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17446 - SQL Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17447 - Infor
No detection rules found.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666
http://www.openwall.com/lists/oss-security/2012/04/16/5
http://www.openwall.com/lists/oss-security/2012/04/16/6
http://www.securityfocus.com/bid/53032
https://exchange.xforce.ibmcloud.com/vulnerabilities/74885
https://support.citrix.com/article/CTX236992