Signature Detail
Short Name |
HTTP:PHP:CACTI-RRD-FILE-INC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Cacti RRD Remote File Inclusion |
Release Date |
2005/07/26 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Cacti RRD Remote File Inclusion
This signature detects an attempt to force the Cacti RRD PHP application to include a remote file for configuration. This vulnerability could lead to compromise of the remote server and privilege escalation.
Extended Description
RaXnet Cacti is prone to a remote command execution vulnerability that manifests in the 'graph_image.php' script. The issue is due to a bug in the input filters that leads to a failure in the application to properly sanitize user-supplied input. This issue can facilitate various attacks including unauthorized access to an affected computer.
Affected Products
- Conectiva Linux 10.0.0
- Conectiva Linux 9.0.0
- Debian Linux 3.0.0
- Debian Linux 3.0.0 Alpha
- Debian Linux 3.0.0 Arm
- Debian Linux 3.0.0 Hppa
- Debian Linux 3.0.0 Ia-32
- Debian Linux 3.0.0 Ia-64
- Debian Linux 3.0.0 M68k
- Debian Linux 3.0.0 Mips
- Debian Linux 3.0.0 Mipsel
- Debian Linux 3.0.0 Ppc
- Debian Linux 3.0.0 S/390
- Debian Linux 3.0.0 Sparc
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Raxnet Cacti 0.5.0
- Raxnet Cacti 0.6.0
- Raxnet Cacti 0.6.1
- Raxnet Cacti 0.6.2
- Raxnet Cacti 0.6.3
- Raxnet Cacti 0.6.4
- Raxnet Cacti 0.6.5
- Raxnet Cacti 0.6.6
- Raxnet Cacti 0.6.7
- Raxnet Cacti 0.6.8
- Raxnet Cacti 0.6.8 a
- Raxnet Cacti 0.8.0
- Raxnet Cacti 0.8.1
- Raxnet Cacti 0.8.2
- Raxnet Cacti 0.8.2 a
- Raxnet Cacti 0.8.3
- Raxnet Cacti 0.8.3 a
- Raxnet Cacti 0.8.4
- Raxnet Cacti 0.8.5
- Raxnet Cacti 0.8.5 a
- Raxnet Cacti 0.8.6
- Raxnet Cacti 0.8.6 a
- Raxnet Cacti 0.8.6 b
- Raxnet Cacti 0.8.6 c
- Raxnet Cacti 0.8.6 d
- Raxnet Cacti 0.8.6 e
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Linux Personal 9.3.0 X86 64
- SuSE Linux Professional 9.1.0
- SuSE Linux Professional 9.1.0 X86 64
- SuSE Linux Professional 9.2.0
- SuSE Linux Professional 9.2.0 X86 64
- SuSE Linux Professional 9.3.0
- SuSE Linux Professional 9.3.0 X86 64
References