CVE-2015-6816

NameCVE-2015-6816
Descriptionganglia-web before 3.7.1 allows remote attackers to bypass authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs798213

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ganglia (PTS)wheezy3.3.8-1+nmu1vulnerable
jessie3.6.0-6fixed
buster, sid, stretch3.6.0-7fixed
ganglia-web (PTS)jessie3.6.1-1vulnerable
buster, sid, stretch3.6.1-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gangliasource(unstable)3.6.0-1unimportant
gangliasourcesqueeze(not affected)
ganglia-websource(unstable)(unfixed)unimportant798213

Notes

[squeeze] - ganglia <not-affected> (affected code not present)
See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
http://www.openwall.com/lists/oss-security/2015/09/04/2
https://github.com/ganglia/ganglia-web/issues/267

Search for package or bug name: Reporting problems