Summary
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
Impact
Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.
Solution
Updates are available.
Insight
Open Source SIEM (OSSIM) is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Affected
All AlienVault versions prior to v4.3.3.1
Detection
Send a specially crafted HTTP GET request and check the response.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N