CVE-2012-4678
published 2012-08-26CVE-2012-4678: munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.22%
80.4th percentile
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | munin | < munin 2.0~rc6-1 (bookworm) | munin 2.0~rc6-1 (bookworm) |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
| munin-monitoring | munin | >= 0 < 2.0~rc6-1 | 2.0~rc6-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8r7j-2xcc-hmf7: munin-cgi-graph for Munin 2
ghsa_unreviewed·2022-05-17
CVE-2012-4678 [MEDIUM] GHSA-8r7j-2xcc-hmf7: munin-cgi-graph for Munin 2
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
OSV
CVE-2012-4678: munin-cgi-graph for Munin 2
osv·2012-08-26·CVSS 5.0
CVE-2012-4678 [MEDIUM] CVE-2012-4678: munin-cgi-graph for Munin 2
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
Debian
CVE-2012-4678: munin - munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows ...
vendor_debian·2012·CVSS 5.0
CVE-2012-4678 [MEDIUM] CVE-2012-4678: munin - munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows ...
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
Scope: local
bookworm: resolved (fixed in 2.0~rc6-1)
bullseye: resolved (fixed in 2.0~rc6-1)
forky: resolved (fixed in 2.0~rc6-1)
sid: resolved (fixed in 2.0~rc6-1)
trixie: resolved (fixed in 2.0~rc6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667http://munin-monitoring.org/changeset/4825http://www.openwall.com/lists/oss-security/2012/04/16/5http://www.openwall.com/lists/oss-security/2012/04/16/6http://www.openwall.com/lists/oss-security/2012/04/18/2http://www.openwall.com/lists/oss-security/2012/04/19/3http://www.openwall.com/lists/oss-security/2012/04/19/4http://www.openwall.com/lists/oss-security/2012/04/19/5http://www.openwall.com/lists/oss-security/2012/04/27/7http://www.openwall.com/lists/oss-security/2012/04/29/2http://www.securityfocus.com/bid/53034https://bugzilla.redhat.com/show_bug.cgi?id=812889http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667http://munin-monitoring.org/changeset/4825http://www.openwall.com/lists/oss-security/2012/04/16/5http://www.openwall.com/lists/oss-security/2012/04/16/6http://www.openwall.com/lists/oss-security/2012/04/18/2http://www.openwall.com/lists/oss-security/2012/04/19/3http://www.openwall.com/lists/oss-security/2012/04/19/4http://www.openwall.com/lists/oss-security/2012/04/19/5http://www.openwall.com/lists/oss-security/2012/04/27/7http://www.openwall.com/lists/oss-security/2012/04/29/2http://www.securityfocus.com/bid/53034https://bugzilla.redhat.com/show_bug.cgi?id=812889
2012-08-26
Published