CVE-2008-0786

NameCVE-2008-0786
DescriptionCRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)stretch (security), stretch0.8.8h+ds1-10+deb9u1fixed
buster1.2.2+ds1-2+deb10u4fixed
buster (security)1.2.2+ds1-2+deb10u2fixed
bullseye, sid1.2.16+ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisourceetch(not affected)
cactisource(unstable)0.8.7b-1

Notes

[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
this is prevented by PHP since 4.4.2/5.1.2.

Search for package or bug name: Reporting problems