Lucene search

PRIOn knowledge basePRION:CVE-2014-2709

HistoryApr 23, 2014 - 3:55 p.m.

Code injection

2014-04-2315:55:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.3%

JSON

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

CPENameOperatorVersion
cactige0.8.7
cactile0.8.7
cactige0.8.8
cactile0.8.8
debian_linuxeq8.0
debian_linuxeq7.0

Name	Operator	Version
cacti	ge	0.8.7
cacti	le	0.8.7
cacti	ge	0.8.8
cacti	le	0.8.8
debian_linux	eq	8.0
debian_linux	eq	7.0

References

seclists.org/oss-sec/2014/q2/15

secunia.com/advisories/57647

secunia.com/advisories/59203

svn.cacti.net/viewvc?view=rev&revision=7439

www.debian.org/security/2014/dsa-2970

www.securityfocus.com/bid/66630

bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html

lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html

security.gentoo.org/glsa/201509-03