CVE-2007-3113
First published: Thu Jun 07 2007(Updated: )
<a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3112">http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3112</a> "Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter." <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3113">http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3113</a> "Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter." The patch linked to in the reports applies to 0.8.6j too.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/0.8.6j | <8. | 8. |
| Cacti | <=0.8.6i |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3112
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3113
- http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956&makepatch=1&diff_format=h
- https://bugzilla.redhat.com/show_bug.cgi?id=243592
- http://mdessus.free.fr/?p=15
- http://bugs.cacti.net/view.php?id=955
- http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956
- http://secunia.com/advisories/25557
- http://fedoranews.org/updates/FEDORA-2007-219.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:184
- http://secunia.com/advisories/26872
- http://osvdb.org/37019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34747
Frequently Asked Questions
What is the severity of CVE-2007-3113?
CVE-2007-3113 has a high severity due to its potential to cause denial of service by consuming excessive CPU resources.
How do I fix CVE-2007-3113?
To fix CVE-2007-3113, upgrade Cacti to version 0.8.6j or later.
What versions of Cacti are affected by CVE-2007-3113?
CVE-2007-3113 affects Cacti version 0.8.6i and possibly earlier versions.
Can CVE-2007-3113 be exploited by unauthenticated users?
No, CVE-2007-3113 can only be exploited by remote authenticated users.
What is the impact of an attack exploiting CVE-2007-3113?
An attack exploiting CVE-2007-3113 can lead to significant CPU consumption, resulting in a denial of service.
- collector/redhat-bugzilla
- alias/CVE-2007-3113
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/description
- agent/type
- agent/event
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/the cacti group
- canonical/cacti
- version/cacti/0.8.6i