Cacti Multiple Input Validation Vulnerabilities
BID:51048
Info
| Bugtraq ID: | 51048 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-5223 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 13 2011 12:00AM |
| Updated: | Apr 13 2015 08:48PM |
| Credit: | red_garlic |
| Vulnerable: | Planet Technology WSW-2401 0.8.6 h; Planet Technology WSW-2401 0.8.6 g; Cacti Cacti 0.8.7; Cacti Cacti 0.8.6 f; Cacti Cacti 0.8.6 c; Cacti Cacti 0.8.5 a; Cacti Cacti 0.8.5; Cacti Cacti 0.8.4; Cacti Cacti 0.8.3 a; Cacti Cacti 0.8.3; Cacti Cacti 0.8.2 a; Cacti Cacti 0.8.2; Cacti Cacti 0.8.1; Cacti Cacti 0.8; Cacti Cacti 0.6.7; Cacti Cacti 0.8.7h; Cacti Cacti 0.8.7g; Cacti Cacti 0.8.7f; Cacti Cacti 0.8.7e; Cacti Cacti 0.8.7d; Cacti Cacti 0.8.7c; Cacti Cacti 0.8.7b; Cacti Cacti 0.8.7a; Cacti Cacti 0.8.6k; Cacti Cacti 0.8.6j; Cacti Cacti 0.8.6i |
| Not Vulnerable: | Cacti Cacti 0.8.7i |
Discussion
Cacti is prone to multiple input-validation vulnerabilities, including:
1. Multiple cross-site scripting vulnerabilities.
2. A cross-site request-forgery vulnerability.
3. An HTML-injection vulnerability.
An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.
Versions prior to Cacti 0.8.7i are vulnerable.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- 0002062: Multiple security vunerbilities (Cacti)
- Cacti Homepage (Cacti)
- Release of Cacti 0.8.7i (Cacti)