CVE-2014-2327

NameCVE-2014-2327
DescriptionCross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2970-1
Debian Bugs742768

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)buster1.2.2+ds1-2+deb10u4fixed
buster (security)1.2.2+ds1-2+deb10u2fixed
bullseye1.2.16+ds1-2fixed
bookworm, sid1.2.22+ds1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisourcesqueeze0.8.7g-1+squeeze4742768
cactisourcewheezy0.8.8a+dfsg-5+deb7u3DSA-2970-1
cactisource(unstable)0.8.8b+dfsg-6742768

Notes

http://bugs.cacti.net/view.php?id=2432
Search for package or bug name: Reporting problems