This is quite easy to work around. Add the following lines to /etc/cacti/apache.conf:
<Files cmd.php>
Deny from All
</Files>
<Files poller.php>
Deny from All
</Files>
These script shouldn't be reachable through the webserver anyways.
** Changed in: cacti (Ubuntu)
Status: Unconfirmed => Confirmed
--
cacti remote injection exploit
https://launchpad.net/bugs/78453
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
