This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:PHP:CACTI-RRD-FILE-INC
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Cacti RRD Remote File Inclusion
|
Release Date |
2005/07/26
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Cacti RRD Remote File Inclusion
This signature detects an attempt to force the Cacti RRD PHP application to include a remote file for configuration. This vulnerability could lead to compromise of the remote server and privilege escalation.
Extended Description
RaXnet Cacti is prone to a remote command execution vulnerability that manifests in the 'graph_image.php' script. The issue is due to a bug in the input filters that leads to a failure in the application to properly sanitize user-supplied input.
This issue can facilitate various attacks including unauthorized access to an affected computer.
Affected Products
- Conectiva linux 10.0.0
- Conectiva linux 9.0.0
- Debian linux 3.0.0
- Debian linux 3.0.0 Alpha
- Debian linux 3.0.0 Arm
- Debian linux 3.0.0 Hppa
- Debian linux 3.0.0 Ia-32
- Debian linux 3.0.0 Ia-64
- Debian linux 3.0.0 M68k
- Debian linux 3.0.0 Mips
- Debian linux 3.0.0 Mipsel
- Debian linux 3.0.0 Ppc
- Debian linux 3.0.0 S/390
- Debian linux 3.0.0 Sparc
- Debian linux 3.1.0
- Debian linux 3.1.0 Alpha
- Debian linux 3.1.0 Arm
- Debian linux 3.1.0 Hppa
- Debian linux 3.1.0 Ia-32
- Debian linux 3.1.0 Ia-64
- Debian linux 3.1.0 M68k
- Debian linux 3.1.0 Mips
- Debian linux 3.1.0 Mipsel
- Debian linux 3.1.0 Ppc
- Debian linux 3.1.0 S/390
- Debian linux 3.1.0 Sparc
- Raxnet cacti 0.5.0
- Raxnet cacti 0.6.0
- Raxnet cacti 0.6.1
- Raxnet cacti 0.6.2
- Raxnet cacti 0.6.3
- Raxnet cacti 0.6.4
- Raxnet cacti 0.6.5
- Raxnet cacti 0.6.6
- Raxnet cacti 0.6.7
- Raxnet cacti 0.6.8
- Raxnet cacti 0.6.8 a
- Raxnet cacti 0.8.0
- Raxnet cacti 0.8.1
- Raxnet cacti 0.8.2
- Raxnet cacti 0.8.2 a
- Raxnet cacti 0.8.3
- Raxnet cacti 0.8.3 a
- Raxnet cacti 0.8.4
- Raxnet cacti 0.8.5
- Raxnet cacti 0.8.5 a
- Raxnet cacti 0.8.6
- Raxnet cacti 0.8.6 a
- Raxnet cacti 0.8.6 b
- Raxnet cacti 0.8.6 c
- Raxnet cacti 0.8.6 d
- Raxnet cacti 0.8.6 e
- Suse linux_personal 9.1.0
- Suse linux_personal 9.1.0 X86 64
- Suse linux_personal 9.2.0
- Suse linux_personal 9.2.0 X86 64
- Suse linux_personal 9.3.0
- Suse linux_personal 9.3.0 X86 64
- Suse linux_professional 9.1.0
- Suse linux_professional 9.1.0 X86 64
- Suse linux_professional 9.2.0
- Suse linux_professional 9.2.0 X86 64
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
References