CVE-2008-0786

NameCVE-2008-0786
DescriptionCRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)bullseye1.2.16+ds1-2+deb11u3fixed
bullseye (security)1.2.16+ds1-2+deb11u5fixed
bookworm, bookworm (security)1.2.24+ds1-1+deb12u5fixed
forky, sid, trixie1.2.30+ds1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisourceetch(not affected)
cactisource(unstable)0.8.7b-1

Notes

[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
this is prevented by PHP since 4.4.2/5.1.2.
Search for package or bug name: Reporting problems