CVE-2015-6816 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Affected Products (NVD)

Vendor	Product	Version
ganglia	ganglia-web	𝑥 ≤ 3.7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ganglia

bookworm	3.7.2-6 fixed
bullseye	3.7.2-4 fixed
sid	3.7.2-7 fixed
squeeze	not-affected

ganglia-web

bookworm	3.7.5+debian-4 fixed
bullseye	3.7.5+debian-3 fixed
sid	3.7.6+debian-1 fixed
squeeze	not-affected
trixie	3.7.6+debian-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

ganglia

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
precise	ignored
trusty	not-affected
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

ganglia-web

artful	ignored
bionic	needed
cosmic	ignored
disco	ignored
eoan	ignored
focal	needed
groovy	ignored
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
precise	dne
trusty	dne
vivid	ignored
wily	ignored
xenial	needed
yakkety	ignored
zesty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169641.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169788.html

http://www.openwall.com/lists/oss-security/2015/09/05/6

http://www.securityfocus.com/bid/92146

https://bugzilla.redhat.com/show_bug.cgi?id=1260562

https://github.com/ganglia/ganglia-web/issues/267

https://www.freshports.org/sysutils/ganglia-webfrontend/

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169641.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169788.html

http://www.openwall.com/lists/oss-security/2015/09/05/6

http://www.securityfocus.com/bid/92146

https://bugzilla.redhat.com/show_bug.cgi?id=1260562

https://github.com/ganglia/ganglia-web/issues/267

https://www.freshports.org/sysutils/ganglia-webfrontend/