Summary
Sourcefire Defense Center is prone to multiple security vulnerabilities, including multiple arbitrary-file-download vulnerabilities, an arbitrary-file-deletion vulnerability, a security-bypass vulnerability, and an HTML-injection vulnerability.
Exploiting these vulnerabilities may allow an attacker to view or delete arbitrary files within the context of the application, gain unauthorized access and execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user. Information harvested may aid in launching further attacks.
Sourcefire Defense Center versions prior to 4.10.2.3 are vulnerable.
Solution
Updates are available. Please see the reference for more details.
References