vulnerability

Amazon Linux AMI: CVE-2014-4000: Security patch for cacti (ALAS-2017-817)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	2017-03-11	2017-04-20	2022-10-14

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

2017-03-11

Added

2017-04-20

Modified

2022-10-14

Description

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Solution

amazon-linux-upgrade-cacti

References

AMAZON-ALAS-2017-817
GENTOO-GLSA-201711-10
NVD-CVE-2014-4000

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today