Bug 934187 (CVE-2015-4342) - VUL-0: CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities
Summary: VUL-0: CVE-2015-4342: cacti: Multiple XSS and SQL injection vulnerabilities
Status: RESOLVED FIXED
: CVE-2015-2665
Alias: CVE-2015-4342
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.2
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: http://www.cacti.net/release_notes_0_...
Whiteboard: CVSSv2:NVD:CVE-2015-4342:7.5:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-10 08:52 UTC by Andreas Stieger
Modified: 2019-08-16 17:04 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Andreas Stieger 2015-06-10 08:52:33 UTC
The cacti 0.8.8d release notes read:
http://www.cacti.net/release_notes_0_8_8d.php

Important Security Fixes

    Multiple XSS and SQL injection vulnerabilities

Changelog
[...]
bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
[...]
bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
[...]
bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
bug#0002572: SQL injection in graph templates 

Affects openSUSE Tumbleweed (0.8.8c), 13.2, 13.1.
Comment 1 Swamp Workflow Management 2015-06-10 22:00:14 UTC
bugbot adjusting priority
Comment 3 Bernhard Wiedemann 2015-06-16 09:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (934187) was mentioned in
https://build.opensuse.org/request/show/312225 13.2 / cacti
https://build.opensuse.org/request/show/312226 13.1 / cacti
Comment 4 Bernhard Wiedemann 2015-06-16 14:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (934187) was mentioned in
https://build.opensuse.org/request/show/312278 13.1 / cacti
https://build.opensuse.org/request/show/312279 13.2 / cacti
Comment 5 Bernhard Wiedemann 2015-06-16 15:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (934187) was mentioned in
https://build.opensuse.org/request/show/312287 13.2 / cacti
https://build.opensuse.org/request/show/312288 13.1 / cacti
Comment 6 Andreas Stieger 2015-06-17 07:03:50 UTC
Update is running.
Comment 7 Marcus Meissner 2015-06-18 09:05:35 UTC
*** Bug 935199 has been marked as a duplicate of this bug. ***
Comment 8 Swamp Workflow Management 2015-06-24 13:05:47 UTC
openSUSE-SU-2015:1133-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 934187
CVE References: CVE-2015-4342
Sources used:
openSUSE 13.2 (src):    cacti-0.8.8d-4.7.1
openSUSE 13.1 (src):    cacti-0.8.8d-11.1
Comment 9 Marcus Meissner 2015-06-24 14:22:31 UTC
released
Comment 10 Swamp Workflow Management 2018-07-28 18:11:16 UTC
This is an autogenerated message for OBS integration:
This bug (934187) was mentioned in
https://build.opensuse.org/request/show/625957 Backports:SLE-12 / cacti
Comment 11 Swamp Workflow Management 2018-08-03 22:12:05 UTC
openSUSE-OU-2018:2194-1: An update that fixes 33 vulnerabilities is now available.

Category: optional (low)
Bug References: 022564,1047512,1048102,1050950,1051633,1054390,1054742,1067163,1067164,1067166,1068028,1101024,1101139,837440,862993,867607,870821,872008,934187,937997,958863,958977,960678,965930,971357,974013
CVE References: CVE-2006-6799,CVE-2007-3112,CVE-2007-3113,CVE-2013-5588,CVE-2013-5589,CVE-2014-2326,CVE-2014-2327,CVE-2014-2328,CVE-2014-2708,CVE-2014-2709,CVE-2014-4000,CVE-2014-4002,CVE-2014-5025,CVE-2014-5026,CVE-2015-4342,CVE-2015-4634,CVE-2015-8369,CVE-2015-8377,CVE-2015-8604,CVE-2016-2313,CVE-2016-3172,CVE-2016-3659,CVE-2017-10970,CVE-2017-11163,CVE-2017-11691,CVE-2017-12065,CVE-2017-12927,CVE-2017-12978,CVE-2017-15194,CVE-2017-16641,CVE-2017-16660,CVE-2017-16661,CVE-2017-16785
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    cacti-1.1.38-2.1