Cacti Two Cross-Site Scripting Vulnerabilities


Description   Two cross-site scripting vulnerabilities have been identified in Cacti.
A remote attacker could exploit them by luring a victim into following a specially crafted URL, in order to execute arbitrary HTML/JavaScript code in the victim's browser.
These vulnerabilities are located in the "data_sources.php" page.
The cacti packages provided by Debian Squeeze 6 and Wheezy 7 are vulnerable.
Updated, 21/06/2015:
The cacti packages provided by FreeBSD are vulnerable.
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD)
GNU/Linux (Debian) - 6, 7
openSUSE (SUSE) - 13.1, 13.2
Vulnerable Software:
Cacti (The Cacti Group) - 0.8.8b
     
Solution   Fixed cacti packages for openSUSE 13.1 and 13.2 are available.
Fixed cacti packages for Debian Squeeze 6 are available in the LTS section.
     
CVE   CVE-2014-5026
CVE-2014-5025
     
References   - 0002456: XSS Vulnerability
http://bugs.cacti.net/view.php?id=2456
- DST : cacti
https://security-tracker.debian.org/tracker/CVE-2014-5025
- DST : cacti
https://security-tracker.debian.org/tracker/CVE-2014-5026
- Cacti : Changelog 0.8.8c
http://www.cacti.net/changelog.php
- openSUSE-SU-2015:0479-1 : Security update for cacti
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
- DLA 40-1 : cacti security update
https://lists.debian.org/debian-lts-announce/2014/08/msg00014.html
- VuXML : cacti -- multiple security vulnerabilities
http://www.vuxml.org/freebsd/a0e74731-181b-11e5-a1cf-002590263bf5.html
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious tag with event found in data | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data | 3.2.0
XSS - Prevention - POST : 'location' javascript object found in data | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - POST : javascript code found in data | 3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Prevention - POST : code allowing cookie access found in data | 3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data | 3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - POST : 'script' tag found in data | 3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data | 5.0.0
XSS - Prevention - POST : javascript code found in data | 5.0.0
XSS - Prevention - POST : suspicious tag with event found in data | 5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data | 5.0.0
XSS - Prevention - POST : 'location' javascript object found in data | 5.0.0
XSS - Prevention - POST : code allowing cookie access found in data | 5.0.0
XSS - Prevention - POST : 'script' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data | 5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data | 5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data | 5.0.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2014-07-04 

 Target Type 
Client 

 Possible exploit 
Remote