Candidate: CVE-2015-6816
PublicDate: 2017-08-09 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6816
 http://www.openwall.com/lists/oss-security/2015/09/04/2
 https://github.com/ganglia/ganglia-web/issues/267
Description:
 ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
Ubuntu-Description:
Notes:
 sbeattie> web interface moved out of ganglia and into ganglia-web in 3.6.0-1
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798213
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_ganglia:
upstream_ganglia: released (3.6.0-1)
precise_ganglia: ignored (reached end-of-life)
precise/esm_ganglia: DNE (precise was needs-triage)
trusty_ganglia: not-affected (3.6.0-1ubuntu2)
trusty/esm_ganglia: not-affected (3.6.0-1ubuntu2)
vivid_ganglia: not-affected
vivid/stable-phone-overlay_ganglia: DNE
vivid/ubuntu-core_ganglia: DNE
wily_ganglia: not-affected
xenial_ganglia: not-affected
yakkety_ganglia: not-affected
zesty_ganglia: not-affected
artful_ganglia: not-affected
bionic_ganglia: not-affected
cosmic_ganglia: not-affected
disco_ganglia: not-affected
eoan_ganglia: not-affected
focal_ganglia: not-affected
groovy_ganglia: not-affected
hirsute_ganglia: not-affected
impish_ganglia: not-affected
jammy_ganglia: not-affected
devel_ganglia: not-affected

Patches_ganglia-web:
 upstream: https://github.com/ganglia/ganglia-web/commit/f8cc17054270d54f53d92bbe3f7764dc3d9efcc7
upstream_ganglia-web: released (3.7.1)
precise_ganglia-web: DNE
precise/esm_ganglia-web: DNE
trusty_ganglia-web: ignored (reached end-of-life)
trusty/esm_ganglia-web: DNE (trusty was needed)
vivid_ganglia-web: ignored (reached end-of-life)
vivid/stable-phone-overlay_ganglia-web: DNE
vivid/ubuntu-core_ganglia-web: DNE
wily_ganglia-web: ignored (reached end-of-life)
xenial_ganglia-web: ignored (end of standard support, was needed)
yakkety_ganglia-web: ignored (reached end-of-life)
zesty_ganglia-web: ignored (reached end-of-life)
artful_ganglia-web: ignored (reached end-of-life)
bionic_ganglia-web: needed
cosmic_ganglia-web: ignored (reached end-of-life)
disco_ganglia-web: ignored (reached end-of-life)
eoan_ganglia-web: ignored (reached end-of-life)
focal_ganglia-web: needed
groovy_ganglia-web: ignored (reached end-of-life)
hirsute_ganglia-web: not-affected (3.7.5+debian-1)
impish_ganglia-web: not-affected (3.7.5+debian-1)
jammy_ganglia-web: not-affected (3.7.5+debian-1)
devel_ganglia-web: not-affected (3.7.5+debian-1)