CVE-2014-2327 Information

Description

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g 0.8.8b and earlier allows remote attackers to hijack the authentication of users for unspecified commands as demonstrated by requests that (1) modify binary files (2) modify configurations or (3) add arbitrary users.

Reference

http://jvn.jp/en/jp/JVN55076671/index.html http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/59203 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/archive/1/531588 http://www.securityfocus.com/bid/66392 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 https://security.gentoo.org/glsa/201509-03