CVE-2015-6816

NameCVE-2015-6816
Descriptionganglia-web before 3.7.1 allows remote attackers to bypass authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh
Debian Bugs798213

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ganglia (PTS)buster, stretch3.6.0-7fixed
bullseye, sid3.7.2-3fixed
ganglia-web (PTS)buster, stretch3.6.1-3vulnerable
bullseye, sid3.7.5+debian-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gangliasourcesqueeze(not affected)
gangliasource(unstable)3.6.0-1unimportant
ganglia-websource(unstable)3.7.5+debian-1unimportant798213

Notes

[squeeze] - ganglia <not-affected> (affected code not present)
See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
https://www.openwall.com/lists/oss-security/2015/09/04/2
https://github.com/ganglia/ganglia-web/issues/267
https://github.com/ganglia/ganglia-web/commit/f8cc17054270d54f53d92bbe3f7764dc3d9efcc7

Search for package or bug name: Reporting problems