Sourcefire Defense Center Multiple Security Vulnerabilities

Bugtraq ID:	52887
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 04 2012 12:00AM
Updated:	Apr 04 2012 12:00AM
Credit:	Filip Palian
Vulnerable:	Sourcefire Defense Center 4.8.2 Sourcefire Defense Center 4.8.1 Sourcefire Defense Center 4.9.1.6 Sourcefire Defense Center 4.7 Sourcefire Defense Center 4.6
Not Vulnerable:	Sourcefire Defense Center 4.10.2.3

Sourcefire Defense Center Multiple Security Vulnerabilities

Sourcefire Defense Center is prone to multiple security vulnerabilities, including multiple arbitrary-file-download vulnerabilities, an arbitrary-file-deletion vulnerability, a security-bypass vulonerability, and an HTML-injection vulnerability.

Exploiting these vulnerabilities may allow an attacker to view or delete arbitrary files within the context of the application, gain unauthorized access and execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user. Information harvested may aid in launching further attacks.

Sourcefire Defense Center versions prior to 4.10.2.3 are vulnerable.

Sourcefire Defense Center Multiple Security Vulnerabilities

Attackers can exploit these issues through a browser.

Sourcefire Defense Center Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the reference for more details.

Sourcefire Defense Center Multiple Security Vulnerabilities

References:

• Defense Center Homepage (Sourcefire)
  
• Sourcefire Defense Center - multiple vulnerabilities. (Filip Palian)