Summary
This host is running AlienVault OSSIM and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Upgrade to version 4.4.0 or later.
For updates, refer to http://www.alienvault.com/open-threat-exchange/projects
Insight
Multiple flaws are due to improper sanitization of user-supplied input to the 'date_form' parameter when displaying radar reports.
Affected
AlienVault Open Source Security Information Management (OSSIM) version 4.3 and prior.
Detection
Send an HTTP GET request and check whether it is able to execute an SQL query.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2013-5967
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P