Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-4032

Disclosure Date: November 29, 2009
CVE-2009-4032
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; © the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

References

Canonical
CVE-2009-4032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4032)
BID-37109 (http://www.securityfocus.com/bid/37109)
Advisory
http://www.cacti.net/download_patches.php
20091126 Cacti 0.8.7e: Multiple security issues (http://www.securityfocus.com/archive/1/508129/100/0/threaded)
20091125 Cacti 0.8.7e: Multiple security issues (http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html)
FEDORA-2009-12575 (https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html)
SECUNIA-38087 (http://secunia.com/advisories/38087)
JVN#09758120 (http://jvn.jp/en/jp/JVN09758120/index.html)
XF-cacti-name-xss(54388) (https://exchange.xforce.ibmcloud.com/vulnerabilities/54388)
SECUNIA-41041 (http://secunia.com/advisories/41041)
JVNDB-2009-003901 (http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html)
https://rhn.redhat.com/errata/RHSA-2010-0635.html
[oss-security] 20091125 CVE Request - Cacti - 0.8.7e (http://www.openwall.com/lists/oss-security/2009/11/25/2)
[oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e (http://www.openwall.com/lists/oss-security/2009/11/30/2)
SECUNIA-37481 (http://secunia.com/advisories/37481)
[oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e (http://www.openwall.com/lists/oss-security/2009/11/25/4)
[oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e (http://www.openwall.com/lists/oss-security/2009/11/26/1)
ADV-2009-3325 (http://www.vupen.com/english/advisories/2009/3325)
ADV-2010-2132 (http://www.vupen.com/english/advisories/2010/2132)
SECUNIA-37934 (http://secunia.com/advisories/37934)
OSVDB-60483 (http://www.osvdb.org/60483)
http://bugs.gentoo.org/show_bug.cgi?id=294573
FEDORA-2009-12560 (https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html)
http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
Miscellaneous
https://bugzilla.redhat.com/show_bug.cgi?id=541279
http://docs.cacti.net/#cross-site_scripting_fixes
https://access.redhat.com/errata/RHSA-2010:0635
https://access.redhat.com/security/cve/CVE-2009-4032

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis