Cacti v.0.8.8h released

Posted in Vulnerabilities And Software upgrades

Description: The latest release of the Cacti monitoring tool was recently announced.

Changes:

  • Authentication using web authentication as a user not in the cacti database allows complete access (regression)
  • Cacti SQL Injection Vulnerability
  • Clicking the [Clear] button after clicking the [Refresh] button in Preview Mode fails the CSRF check
  • CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability
  • Outdated MIBs for non-unicast packets
  • Index is a MySQL 5.6 reserved word
  • generate_graph_def_name() generates reserved word "cf"

Recommended action: Apply the latest upgrade.

Origin URLs:
