CVE Vulnerabilities

CVE-2012-3513

Published: Nov 21, 2012 | Modified: Nov 23, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.

Affected Software

Name Vendor Start Version End Version
Munin Munin-monitoring 2.0.2 2.0.2
Munin Munin-monitoring 2.0-beta3 2.0-beta3
Munin Munin-monitoring 2.0-beta4 2.0-beta4
Munin Munin-monitoring 2.0-rc3 2.0-rc3
Munin Munin-monitoring 2.0-beta5 2.0-beta5
Munin Munin-monitoring 2.0.1 2.0.1
Munin Munin-monitoring * 2.0.5
Munin Munin-monitoring 2.0-rc5 2.0-rc5
Munin Munin-monitoring 2.0-beta2 2.0-beta2
Munin Munin-monitoring 2.0-beta7 2.0-beta7
Munin Munin-monitoring 2.0-rc6 2.0-rc6
Munin Munin-monitoring 2.0-rc1 2.0-rc1
Munin Munin-monitoring 2.0.0 2.0.0
Munin Munin-monitoring 2.0-beta1 2.0-beta1
Munin Munin-monitoring 2.0-rc7 2.0-rc7
Munin Munin-monitoring 2.0.3 2.0.3
Munin Munin-monitoring 2.0-rc2 2.0-rc2
Munin Munin-monitoring 2.0-rc4 2.0-rc4
Munin Munin-monitoring 2.0-beta6 2.0-beta6
Munin Munin-monitoring 2.0.4 2.0.4

References