CVE-2017-1000031

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789

MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172.

MITRE believes that CVE-2017-1000031 is a different vulnerability than

CVE-2014-4002 and CVE-2016-3172. This is because they seprate on vulnerability

type, so it cannot be a duplicate of CVE-2014-4002 despite sharing attack

vectors with this vulnerability, and covers different attack vectors than

CVE-2016-3172 despite sharing vulnerability type, and appears to be

independently fixable from said vulnerability based on the fix provided here:

https://github.com/Cacti/cacti/issues/866

According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448

the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46

whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5

After the request to MITRE to reject this CVE, elbrus discovered that also

CVE-2015-4634 seems part of the duplication. Upstream commit 4e4dd67 was in the

preperation git tree for 1.x, its equivalent svn commit was used to fix

CVE-2015-4634 in Debian.