Cacti 0.8.7a Multiple Vulnerabilities Advisory

2008

12 February 2008

Event

N/A

What

CVE

cve vulnerability cacti xss sql-injection path-disclosure http-response-splitting security-research advisory

On February 12, 2008, the CXSecurity portal published an advisory on multiple serious vulnerabilities in version 0.8.7a of the Cacti monitoring platform. The technical analysis, signed by Francesco “ascii” Ongaro and Antonio “s4tan” Parata, described in detail flaws such as XSS, SQL injection, path disclosure, and HTTP response splitting. The risk was classified as high (CVSS 9/10), with attacks possible even without authentication. The technical bulletin, accompanied by proofs of concept and exploit examples, had a significant impact in the sector, prompting the vendor to release corrective versions (0.8.7b and 0.8.6k) and dedicated patches.

Archived PDF document