Summary
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
Impact
Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.
Solution
Updates are available.
Insight
Open Source SIEM (OSSIM) is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input passed in the 'timestamp' parameter.
Affected
All AlienVault versions prior to v4.3.3.1
Detection
Send a specially crafted HTTP GET request and check the response.
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- Admin News Tools Multiple Vulnerabilities