header-logo
Suggest Exploit
vendor:
OSSIM
by:
SecurityFocus
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: OSSIM
Affected Version From: 4.3.3
Affected Version To: 4.3.3
Patch Exists: YES
Related CWE: N/A
CPE: a:alienvault:ossim
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

Open Source SIEM (OSSIM) Directory Traversal Vulnerability

Open Source SIEM (OSSIM) is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/62899/info

Open Source SIEM (OSSIM) is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.

Open Source SIEM (OSSIM) 4.3.3 is vulnerable; other versions may also be affected. 

http://www.example.com/ossim/ocsreports/tele_compress.php?timestamp=../../../../etc/ossim

Navigation

Suggest Exploit

Services By CQR