CVE-2017-16661 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Arbitrary filesystem access |
Description | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-537 | cacti | 1.1.17-1 | 1.1.28-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
02 Dec 2017 | ASA-201712-2 | AVG-537 | cacti | High | multiple issues |