CVE-2012-3448
CVE-2012-3448 is a high-severity vulnerability in Ganglia Ganglia-web with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 10% (95th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Ganglia Ganglia-web
- Published:
- Last modified:
Description
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
Frequently asked questions
- What is CVE-2012-3448?
- Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
- How severe is CVE-2012-3448?
- CVE-2012-3448 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2012-3448 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 10% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-3448?
- CVE-2012-3448 primarily affects Ganglia Ganglia-web. In total, 14 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-3448?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2012-3448 published?
- CVE-2012-3448 was published on 2012-08-06 and last updated on 2026-06-16.
References
- http://ganglia.info/?p=549
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084196.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084202.html
- http://secunia.com/advisories/50047
- http://www.debian.org/security/2013/dsa-2610
- http://www.openwall.com/lists/oss-security/2012/08/02/1
- http://www.securityfocus.com/bid/54699
- https://bugs.gentoo.org/show_bug.cgi?id=428776
- https://bugzilla.redhat.com/show_bug.cgi?id=845124
- https://www.exploit-db.com/exploits/38030/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html
Affected products (14)
- cpe:2.3:a:ganglia:ganglia-web:*:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:ganglia:ganglia-web:3.4.2:*:*:*:*:*:*:*
More vulnerabilities in Ganglia Ganglia-web
- CVE-2015-6816 — Critical (CVSS 9.8): ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
- CVE-2019-20379 — Medium (CVSS 6.1): ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.
- CVE-2019-20378 — Medium (CVSS 6.1): ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
- CVE-2024-52763 — Medium (CVSS 5.4): A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows…
- CVE-2024-52762 — Medium (CVSS 5.4): A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows…
- CVE-2013-1770 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject…