Summary
AlienVault OSSIM is prone to multiple remote code execution vulnerabilities.
Impact
An attacker can leverage these issues to execute arbitrary code with root privileges.
Solution
Updates are available.
Insight
The application fails to sufficiently sanitize user-supplied input.
Affected
AlienVault OSSIM 4.6.1 and prior are vulnerable.
Detection
Send a specially crafted HTTP SOAP request and check the response.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3804, CVE-2014-3805
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C