CVE-2012-3513 - Vulnerability Details - OpenCVE

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Munin-monitoring	Munin

Configuration 1 [-]

OR	cpe:2.3:a:munin-monitoring:munin::::::::
	cpe:2.3:a:munin-monitoring:munin:2.0-beta1:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-beta2:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-beta3:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-beta4:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-beta5:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-beta6:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-beta7:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc1:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc2:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc3:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc4:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc5:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc6:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0-rc7:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.0:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.1:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.2:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.3:::::::*
	cpe:2.3:a:munin-monitoring:munin:2.0.4:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076
http://www.munin-monitoring.org/ticket/1238
http://www.openwall.com/lists/oss-security/2012/08/21/1
http://www.ubuntu.com/usn/USN-1622-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-21T23:00:00Z

Updated: 2024-09-16T17:48:02.812Z

Reserved: 2012-06-14T00:00:00Z

Link: CVE-2012-3513

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-11-21T23:55:01.633

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3513

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-11-21T23:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1622-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1622-1"}, {"name": "[oss-security] 20120820 Two munin issues, now with CVEs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"}, {"tags": ["x_refsource_MISC"], "url": "http://www.munin-monitoring.org/ticket/1238"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3513", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1622-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1622-1"}, {"name": "[oss-security] 20120820 Two munin issues, now with CVEs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"}, {"name": "http://www.munin-monitoring.org/ticket/1238", "refsource": "MISC", "url": "http://www.munin-monitoring.org/ticket/1238"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.753Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1622-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1622-1"}, {"name": "[oss-security] 20120820 Two munin issues, now with CVEs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.munin-monitoring.org/ticket/1238"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3513", "datePublished": "2012-11-21T23:00:00Z", "dateReserved": "2012-06-14T00:00:00Z", "dateUpdated": "2024-09-16T17:48:02.812Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*", "matchCriteriaId": "1286861D-C595-4ED2-8A04-F68108B30245", "versionEndIncluding": "2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta1:*:*:*:*:*:*:*", "matchCriteriaId": "62D36651-D8E6-4DF9-8DF2-01523F6D0C19", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta2:*:*:*:*:*:*:*", "matchCriteriaId": "DE3B639A-A0E6-4B07-B39C-F751D9CFD0D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta3:*:*:*:*:*:*:*", "matchCriteriaId": "E1E0EDCC-13B3-41D4-8068-05F18FA92AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta4:*:*:*:*:*:*:*", "matchCriteriaId": "A4F79039-7263-4FB5-A6DB-8650D1F2C55C", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta5:*:*:*:*:*:*:*", "matchCriteriaId": "4E8739F3-D2B7-4C63-AE14-65B428FBA382", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta6:*:*:*:*:*:*:*", "matchCriteriaId": "6E254691-CE75-45B8-B0BB-79EAC9C591C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-beta7:*:*:*:*:*:*:*", "matchCriteriaId": "E70D806B-BC8F-4035-813B-1DCF99836EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "34274474-1010-4176-940F-0F602AD8C600", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "EE24C54E-8C32-42A8-848F-EF9C6CB75FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc3:*:*:*:*:*:*:*", "matchCriteriaId": "D6BDE732-11D7-492D-9467-9108F774759D", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc4:*:*:*:*:*:*:*", "matchCriteriaId": "7F02122D-3FA6-4C6A-B3FE-0C2E8613308B", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc5:*:*:*:*:*:*:*", "matchCriteriaId": "958CF75F-7BB5-4112-84B0-BBCBB514FD31", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc6:*:*:*:*:*:*:*", "matchCriteriaId": "E99095F4-148B-4DC5-B199-0150E80672F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0-rc7:*:*:*:*:*:*:*", "matchCriteriaId": "1CD5ECF3-F36E-4BAC-9A41-47C426EF9A98", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FBEFB6B1-7A5F-4C37-8C84-BF92A024A840", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "16EFB096-6739-4952-B921-1CD83E8140F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DA938C8-06F1-4DD7-B26A-4219DDCF8375", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9358CF9C-02BC-4651-B042-DB1EF0904096", "vulnerable": true}, {"criteria": "cpe:2.3:a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "72690B15-9008-4C76-B936-7A6C6835DF19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."}, {"lang": "es", "value": "munin-cgi-graph en Munin antes de v2.0.6, cuando se ejecuta como un m\u00f3dulo CGI bajo Apache, permite a atacantes remotos cargar nuevas configuraciones y crear archivos en directorios arbitrarios mediante el comando logdir."}], "id": "CVE-2012-3513", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-21T23:55:01.633", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.munin-monitoring.org/ticket/1238"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1622-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.munin-monitoring.org/ticket/1238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1622-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}