CVE-2008-0786

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Link	Resource
http://www.cacti.net/release_notes_0_8_7b.php	Patch
http://www.securityfocus.com/bid/27749	Patch
http://www.securitytracker.com/id?1019414
http://secunia.com/advisories/28872	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
https://bugzilla.redhat.com/show_bug.cgi?id=432758
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/28976
http://secunia.com/advisories/29242
http://security.gentoo.org/glsa/glsa-200803-18.xml
http://secunia.com/advisories/29274
http://securityreason.com/securityalert/3657
http://www.vupen.com/english/advisories/2008/0540
http://www.securityfocus.com/archive/1/488018/100/0/threaded
http://www.securityfocus.com/archive/1/488013/100/0/threaded

Configuration 1

cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:* cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*

---

Published : 2008-02-14 11:00

Updated : 2018-10-15 10:03

---

NVD link : CVE-2008-0786

Mitre link : CVE-2008-0786

No products.

CWE-94