I have been testing the hosts.php file from the SVN to patch our existing Cacti installation from the cross-scripting vulnerability. From the SVN (http://svn.cacti.net/viewvc/cacti/branc ... h&view=log), I've tried both rev 6274 and rev 6280, but when I go to enable a device using either version and click continue on the confirmation screen, I see a blank page. Is there a way to fix that so it acts like it is supposed to (return to the list of devices)? I am running 0.8.7.g.
Thanks,
Diggity
Cacti Vulnerability
Moderators: Developers, Moderators
-
rony
- Developer/Forum Admin
- Posts: 6022
- Joined: Mon Nov 17, 2003 6:35 pm
- Location: Michigan, USA
- Contact:
Re: Cacti Vulnerability
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
Re: Cacti Vulnerability
I've updated the ticket with what I believe is the cause.
Re: Cacti Vulnerability
The solution is to install both host.php and lib/utility.php from the SVN.
Who is online
Users browsing this forum: No registered users and 1 guest