oss-sec mailing list archives
CVE Request - Cacti - 0.8.7e
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 25 Nov 2009 14:35:26 +0100
Hello vendors, Moritz Naumann reported multiple cross-site scripting flaws in recent version of Cacti. References: ----------- http://www.cacti.net/download_patches.php http://docs.cacti.net/#cross-site_scripting_fixes http://www.securityfocus.com/bid/37109/info http://bugs.gentoo.org/show_bug.cgi?id=294573 Upstream patch: --------------- http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch Looks like this is different issue than CVE-2008-0783, CVE-2008-0785 and CVE-2008-0786 were. Could you allocate a CVE id? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request - Cacti - 0.8.7e Jan Lieskovsky (Nov 25)
- Re: CVE Request - Cacti - 0.8.7e Josh Bressers (Nov 25)
- Re: CVE Request - Cacti - 0.8.7e oss-security (Nov 25)
- Re: CVE Request - Cacti - 0.8.7e Steven M. Christey (Nov 30)
- Re: CVE Request - Cacti - 0.8.7e oss-security (Nov 25)
- Re: CVE Request - Cacti - 0.8.7e Josh Bressers (Nov 25)