[Bug 78453] Re: cacti remote injection exploit

Mark Schouten Tue, 09 Jan 2007 07:45:33 -0800

This is quite easy to work around. Add the following lines to
/etc/cacti/apache.conf:


        <Files cmd.php>
                Deny from All
        </Files>
        <Files poller.php>
                Deny from All
        </Files>

These script shouldn't be reachable through the webserver anyways.


** Changed in: cacti (Ubuntu)
       Status: Unconfirmed => Confirmed

-- 
cacti remote injection exploit
https://launchpad.net/bugs/78453

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 78453] Re: cacti remote injection exploit

Reply via email to