[3.6] cacti: Multiple vulnerabilities (CVE-2017-10970, CVE-2017-11163, CVE-2017-11691, CVE-2017-12065, CVE-2017-12066)
CVE-2017-10970: Cross-site scripting (XSS) vulnerability in link.php
in Cacti 1.1.12 allows remote anonymous users to inject
arbitrary web script or HTML via the id parameter, related to the
die_html_input_error function in lib/html_validate.php.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10970
http://www.securitytracker.com/id/1038908
CVE-2017-11163: Cross-site scripting (XSS) vulnerability in
aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users
to inject arbitrary web script or HTML via specially crafted HTTP
Referer headers, related to the $cancel_url variable.
References:
https://github.com/Cacti/cacti/issues/847
CVE-2017-11691: Cross-site scripting (XSS) vulnerability in
auth_profile.php in Cacti 1.1.13 allows remote attackers
to inject arbitrary web script or HTML via specially crafted HTTP
Referer headers.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11691
Patch:
https://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c
CVE-2017-12065: spikekill.php in Cacti before 1.1.16 might allow
remote attackers to execute arbitrary code via the avgnan,
outlier-start, or outlier-end parameter.
References:
https://github.com/Cacti/cacti/issues/877
https://nvd.nist.gov/vuln/detail/CVE-2017-12065
Patch:
https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
CVE-2017-12066: Cross-site scripting (XSS) vulnerability in
aggregate_graphs.php in Cacti before 1.1.16 allows remote
authenticated users to inject arbitrary web script or HTML via specially
crafted HTTP Referer headers, related to the $cancel_url variable.
NOTE: this vulnerability exists because of an incomplete fix (lack of
the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-12066
Patch:
https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
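The CVE-2017-12066 note about the missing ENT_QUOTES flag, as an added example that is not Cacti's own code: it escapes the same value with ENT_COMPAT and with ENT_QUOTES and lists the attributes an HTML parser then sees on the link. Assumptions: the value lands in a single-quoted attribute, the helper names are hypothetical, and the Referer-style value is constructed.

```php
<?php
// Constructed sample: a Referer-style value containing a single quote.
// Not taken from Cacti; "data-injected" is a harmless marker attribute.
$referer = "http://example.test/page.php?x=1' data-injected='1";

// Hypothetical helper: render a cancel link with the URL placed in a
// single-quoted href attribute (assumed context, not Cacti's markup).
function render_cancel_link(string $url, int $flags): string
{
    $escaped = htmlspecialchars($url, $flags, 'UTF-8');
    return "<a class='cancel' href='" . $escaped . "'>Cancel</a>";
}

// Parse the markup and return the attribute names found on the first
// <a> element, i.e. what a browser-like parser makes of the output.
function anchor_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $a = $doc->getElementsByTagName('a')->item(0);
    $names = [];
    foreach ($a->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// ENT_COMPAT escapes & < > and double quotes only, so the single quote
// in the value closes the href attribute early. ENT_QUOTES also turns
// ' into &#039;, which keeps the whole value inside href.
$modes = ['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES];
foreach ($modes as $label => $flags) {
    $html = render_cancel_link($referer, $flags);
    printf("%s\n  markup:     %s\n  attributes: %s\n",
        $label, $html, implode(', ', anchor_attributes($html)));
}
```

Before PHP 8.1 the default flags of htmlspecialchars were ENT_COMPAT | ENT_HTML401, so a call without an explicit flags argument left single quotes unescaped; PHP 8.1 changed the default to include ENT_QUOTES.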
(from redmine: issue id 7690, created on 2017-08-15, closed on 2017-08-22)
- Changesets:
- Revision c9091ff1 by Natanael Copa on 2017-08-22T17:57:55Z:
community/cacti: security upgrade to 1.1.19
fixes #7690