CVE-2007-3112
cacti - insufficient input sanitising
EPSS 2.8%
Description
graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.
How to fix CVE-2007-3112
To remediate CVE-2007-3112, upgrade the affected package to a fixed version below.
- Debian/cacti—upgrade to 0.8.6j-1.1 or later
- Debian/cacti—upgrade to 0.8.6i-3.6 or later
Is CVE-2007-3112 being exploited?
Low. EPSS is 2.8%, a low estimated probability of exploitation, and exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/cacti: from 0, < 0.8.6j-1.1
- Debian/cacti: from 0, < 0.8.6i-3.6