CVE-2008-0786

medium

Description

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html

https://bugzilla.redhat.com/show_bug.cgi?id=432758

http://www.vupen.com/english/advisories/2008/0540

http://www.securitytracker.com/id?1019414

http://www.securityfocus.com/bid/27749

http://www.securityfocus.com/archive/1/488018/100/0/threaded

http://www.securityfocus.com/archive/1/488013/100/0/threaded

http://www.mandriva.com/security/advisories?name=MDVSA-2008:052

http://www.cacti.net/release_notes_0_8_7b.php

http://securityreason.com/securityalert/3657

http://security.gentoo.org/glsa/glsa-200803-18.xml

http://secunia.com/advisories/29274

http://secunia.com/advisories/29242

http://secunia.com/advisories/28976

http://secunia.com/advisories/28872

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

Details

Source: Mitre, NVD

Published: 2008-02-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N