CVE-2008-0786

Cacti 0.8.6-0.8.7 - HTTP Response Splitting via CRLF Injection

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References (17)

Core 17
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29242
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=432758
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3657
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-18.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28872
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:052
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29274
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488013/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0540
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27749
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28976
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019414
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488018/100/0/threaded

Scores

EPSS 0.0177
EPSS Percentile 75.5%

Details

CWE
CWE-94
Status published
Products (16)
cacti/cacti 0.6.7
cacti/cacti 0.8
cacti/cacti 0.8.1
cacti/cacti 0.8.2
cacti/cacti 0.8.2a
cacti/cacti 0.8.3
cacti/cacti 0.8.3a
cacti/cacti 0.8.4
cacti/cacti 0.8.5
cacti/cacti 0.8.5a
... and 6 more
Published Feb 14, 2008
Tracked Since Feb 18, 2026