ID de Prueba:	1.3.6.1.4.1.25623.1.0.702970
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 2970-1 (cacti - security update)
Resumen:	Multiple security issues (cross-site scripting, cross-site request;forgery, SQL injections, missing input sanitising) have been found in;Cacti, a web frontend for RRDTool.
Descripción:	Summary: Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool. Affected Software/OS: cacti on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u3. For the testing distribution (jessie), these problems have been fixed in version 0.8.8b+dfsg-6. For the unstable distribution (sid), these problems have been fixed in version 0.8.8b+dfsg-6. We recommend that you upgrade your cacti packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2326 BugTraq ID: 66390 http://www.securityfocus.com/bid/66390 Bugtraq: 20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti (Google Search) http://www.securityfocus.com/archive/1/531588 Debian Security Information: DSA-2970 (Google Search) http://www.debian.org/security/2014/dsa-2970 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html https://security.gentoo.org/glsa/201509-03 http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html http://secunia.com/advisories/57647 http://secunia.com/advisories/59203 SuSE Security Announcement: openSUSE-SU-2015:0479 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2327 BugTraq ID: 66392 http://www.securityfocus.com/bid/66392 http://jvn.jp/en/jp/JVN55076671/index.html http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2328 BugTraq ID: 66387 http://www.securityfocus.com/bid/66387 Common Vulnerability Exposure (CVE) ID: CVE-2014-2708 BugTraq ID: 66555 http://www.securityfocus.com/bid/66555 http://seclists.org/oss-sec/2014/q2/2 http://seclists.org/oss-sec/2014/q2/15 XForce ISS Database: cacti-cve20142708-sql-injection(92278) https://exchange.xforce.ibmcloud.com/vulnerabilities/92278 Common Vulnerability Exposure (CVE) ID: CVE-2014-2709 BugTraq ID: 66630 http://www.securityfocus.com/bid/66630 Common Vulnerability Exposure (CVE) ID: CVE-2014-4002 BugTraq ID: 68257 http://www.securityfocus.com/bid/68257 http://secunia.com/advisories/59517
Copyright	Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.