Cacti 0.8.8e 发布,此版本包括两个重要的安全修复:
多个 XSS 和 SQL 注入漏洞
CVE-2015-4634 - graphs.php 上的 SQL 注入
更新日志:
bug: Fixed issue with graph zooming failing to work
bug: Fixed various SQL Injection vectors
bug#0002569: Impossible to have a URL pointing directly to a graph
bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
bug#0002579: SQL Injection Vulnerabilities in data sources
bug#0002580: SQL Injection in cdef.php
bug#0002582: SQL Injection in data_templates.php
bug#0002583: SQL Injection in graph_templates.php
bug#0002584: SQL Injection in host_templates.php
bug#0002586: Cannot delete data sources from the GUI
bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
bug#0002597: Incorrect value in Hosts column on Host Templates page
bug#0002598: Incorrect row number in Devices -> (Edit) page
下载: cacti-0.8.8e.zip
Cacti在英文中的意思是仙人掌的意思,Cacti是一套基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具。它通过 snmpget来获取数据,使用 RRDtool绘画图形,而且你完全可以不需要了解RRDtool复杂的参数。它提供了非常强大的数据和用户管理功能,可以指定每一个用户能查看树状结 构、host以及任何一张图,还可以与LDAP结合进行用户验证,同时也能自己增加模板,功能非常强大完善。
下图是cacti运行的主界面