OSSIM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. OSSIM 2.2 is affected other versions may also be vulnerable.

The vendor has released an update to address this issue. Please see the references for more information.

• http://ossim.net/
• http://www.alienvault.com/community.php?section=News
• http://www.cybsec.com/vuln/cybsec_advisory_2010_0306_ossim2_2_arbitrary_file_download.pdf
• http://www.securityfocus.com/bid/38780

---

Updated on 2015-03-25