CVE-2007-3112 - Vulnerability Details - OpenCVE

graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
The Cacti Group	Cacti

Configuration 1 [-]

cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html
http://bugs.cacti.net/view.php?id=955
http://fedoranews.org/updates/FEDORA-2007-219.shtml
http://mdessus.free.fr/?p=15
http://osvdb.org/37019
http://secunia.com/advisories/25557
http://secunia.com/advisories/26872
http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956
http://www.mandriva.com/security/advisories?name=MDKSA-2007:184
https://bugzilla.redhat.com/show_bug.cgi?id=243592
https://exchange.xforce.ibmcloud.com/vulnerabilities/34747

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-07T21:00:00

Updated: 2024-08-07T14:05:29.251Z

Reserved: 2007-06-07T00:00:00

Link: CVE-2007-3112

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-07T21:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3112

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://mdessus.free.fr/?p=15"}, {"name": "26872", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26872"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243592"}, {"name": "MDKSA-2007:184", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:184"}, {"name": "20070605 Cacti Denial of Service", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.cacti.net/view.php?id=955"}, {"name": "25557", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25557"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956"}, {"name": "FEDORA-2007-2199", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml"}, {"name": "cacti-graphstart-graphend-dos(34747)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34747"}, {"name": "37019", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3112", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://mdessus.free.fr/?p=15", "refsource": "MISC", "url": "http://mdessus.free.fr/?p=15"}, {"name": "26872", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26872"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=243592", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243592"}, {"name": "MDKSA-2007:184", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:184"}, {"name": "20070605 Cacti Denial of Service", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html"}, {"name": "http://bugs.cacti.net/view.php?id=955", "refsource": "CONFIRM", "url": "http://bugs.cacti.net/view.php?id=955"}, {"name": "25557", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25557"}, {"name": "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956", "refsource": "CONFIRM", "url": "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956"}, {"name": "FEDORA-2007-2199", "refsource": "FEDORA", "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml"}, {"name": "cacti-graphstart-graphend-dos(34747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34747"}, {"name": "37019", "refsource": "OSVDB", "url": "http://osvdb.org/37019"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:05:29.251Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://mdessus.free.fr/?p=15"}, {"name": "26872", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26872"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243592"}, {"name": "MDKSA-2007:184", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:184"}, {"name": "20070605 Cacti Denial of Service", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.cacti.net/view.php?id=955"}, {"name": "25557", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25557"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956"}, {"name": "FEDORA-2007-2199", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml"}, {"name": "cacti-graphstart-graphend-dos(34747)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34747"}, {"name": "37019", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37019"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3112", "datePublished": "2007-06-07T21:00:00", "dateReserved": "2007-06-07T00:00:00", "dateUpdated": "2024-08-07T14:05:29.251Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D665BF-4F89-4333-81B2-0D6821E91C09", "versionEndIncluding": "0.8.6i", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113."}, {"lang": "es", "value": "Cacti 0.8.6i y, posiblemente otras versiones, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de CPU) mediante un valor largo en los par\u00e1metros (1) graph_start o (2) graph_end."}], "evaluatorSolution": "The vendor", "id": "CVE-2007-3112", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-07T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html"}, {"source": "cve@mitre.org", "url": "http://bugs.cacti.net/view.php?id=955"}, {"source": "cve@mitre.org", "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml"}, {"source": "cve@mitre.org", "url": "http://mdessus.free.fr/?p=15"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37019"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25557"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26872"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:184"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243592"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0074.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.cacti.net/view.php?id=955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mdessus.free.fr/?p=15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34747"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}