oss-sec mailing list archives

Re: CVE Request - Cacti - 0.8.7e


From: Josh Bressers <bressers () redhat com>
Date: Wed, 25 Nov 2009 12:08:20 -0500 (EST)

As best as I can tell, one ID will suffice.

Please use CVE-2009-4032.

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hello vendors,

   Moritz Naumann reported multiple cross-site scripting flaws in
a recent version of Cacti.

References:
-----------
http://www.cacti.net/download_patches.php
http://docs.cacti.net/#cross-site_scripting_fixes
http://www.securityfocus.com/bid/37109/info
http://bugs.gentoo.org/show_bug.cgi?id=294573

Upstream patch:
---------------
http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch

Looks like this is a different issue than CVE-2008-0783, CVE-2008-0785
and CVE-2008-0786 were.

Could you allocate a CVE id?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

