CVE-2014-2327

Published: Apr 23, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

Affected (6)

Products: Cacti: Cacti · Debian: Debian Linux · Opensuse: Opensuse

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cacti Cacti	From 0.8.7 to 0.8.7g
Cacti Cacti	From 0.8.8 to 0.8.8b

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (18)

http://jvn.jp/en/jp/JVN55076671/index.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/59203

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2014/dsa-2970

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/531588

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/66392

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201509-03

Source: cve@mitre.org

Third Party Advisory

http://jvn.jp/en/jp/JVN55076671/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/59203

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2014/dsa-2970

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/archive/1/531588

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/66392

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201509-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.