Launchpad.net

CVE 2008-0786

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Related bugs and status

CVE-2008-0786 (Candidate) is related to these bugs:

Bug #193744: [SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786

		In	Importance	Status
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Ubuntu)	High	Fix Released
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Ubuntu Hardy)	High	Fix Released
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Ubuntu Gutsy)	Undecided	Won't Fix
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Ubuntu Feisty)	Undecided	Won't Fix
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Ubuntu Edgy)	Undecided	Won't Fix
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Ubuntu Dapper)	Undecided	Won't Fix
193744	[SECURITY] cacti - CVE-2008-0785 and CVE-2008-0786	cacti (Debian)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.cacti.net/r...
BID: 27749
SECTRACK: 1019414
SECUNIA: 28872
MANDRIVA: MDVSA-2008:052
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2008-1699
FEDORA: FEDORA-2008-1737
SUSE: SUSE-SR:2008:005
SECUNIA: 28976
SECUNIA: 29242
GENTOO: GLSA-200803-18
SECUNIA: 29274
SREASON: 3657
VUPEN: ADV-2008-0540
BUGTRAQ: 20080212 Cacti 0.8.7a ...
BUGTRAQ: 20080212 cacti -- Mult...