oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request - Cacti - 0.8.7e

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 25 Nov 2009 14:35:26 +0100
Hello vendors,

  Moritz Naumann reported multiple cross-site scripting flaws in
recent version of Cacti.

References:
-----------
http://www.cacti.net/download_patches.php
http://docs.cacti.net/#cross-site_scripting_fixes
http://www.securityfocus.com/bid/37109/info
http://bugs.gentoo.org/show_bug.cgi?id=294573

Upstream patch:
---------------
http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch

Looks like this is different issue than CVE-2008-0783, CVE-2008-0785
and CVE-2008-0786 were.

Could you allocate a CVE id?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: