Arbitrary File Creation and Configuration Modification in Munin CGI

Arbitrary File Creation and Configuration Modification in Munin CGI

CVE-2012-3513 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.

Learn more about our Cis Benchmark Audit For Apache Http Server.