CVE-2008-0786: Code Injection
First published: Thu Feb 14 2008(Updated: )
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti | =0.8.7 | |
| Cacti | =0.8.5a | |
| Cacti | =0.8.3 | |
| Cacti | =0.8.2 | |
| Cacti | =0.8.5 | |
| Cacti | =0.8.7a | |
| Cacti | =0.8.6f | |
| Cacti | =0.8.6j | |
| Cacti | =0.8 | |
| Cacti | =0.8.6i | |
| Cacti | =0.6.7 | |
| Cacti | =0.8.1 | |
| Cacti | =0.8.4 | |
| Cacti | =0.8.6c | |
| Cacti | =0.8.2a | |
| Cacti | =0.8.3a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cacti.net/release_notes_0_8_7b.php
- http://www.securityfocus.com/bid/27749
- http://www.securitytracker.com/id?1019414
- http://secunia.com/advisories/28872
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
- https://bugzilla.redhat.com/show_bug.cgi?id=432758
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://secunia.com/advisories/28976
- http://secunia.com/advisories/29242
- http://security.gentoo.org/glsa/glsa-200803-18.xml
- http://secunia.com/advisories/29274
- http://securityreason.com/securityalert/3657
- http://www.vupen.com/english/advisories/2008/0540
- http://www.securityfocus.com/archive/1/488018/100/0/threaded
- http://www.securityfocus.com/archive/1/488013/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0786?
CVE-2008-0786 is considered a medium severity vulnerability due to the potential for HTTP response splitting attacks.
How do I fix CVE-2008-0786?
To fix CVE-2008-0786, upgrade to Cacti version 0.8.7b or later.
Which versions of Cacti are affected by CVE-2008-0786?
CVE-2008-0786 affects Cacti versions 0.8.1 through 0.8.7a and earlier 0.8.6 versions.
What type of vulnerability is CVE-2008-0786?
CVE-2008-0786 is a CRLF injection vulnerability that allows for the injection of arbitrary HTTP headers.
Can CVE-2008-0786 lead to other attacks apart from HTTP response splitting?
Yes, CVE-2008-0786 can also facilitate other attacks such as web cache poisoning and cross-site scripting.
- agent/weakness
- agent/remedy
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cacti
- canonical/cacti
- version/cacti/0.8.7
- version/cacti/0.8.5a
- version/cacti/0.8.3
- version/cacti/0.8.2
- version/cacti/0.8.5
- version/cacti/0.8.7a
- version/cacti/0.8.6f
- version/cacti/0.8.6j
- version/cacti/0.8
- version/cacti/0.8.6i
- version/cacti/0.6.7
- version/cacti/0.8.1
- version/cacti/0.8.4
- version/cacti/0.8.6c
- version/cacti/0.8.2a
- version/cacti/0.8.3a