AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

Bugtraq ID:	53331
Class:	Input Validation Error
CVE:	CVE-2012-3834 CVE-2012-3835
Remote:	Yes
Local:	No
Published:	May 02 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Stefan Schurtz
Vulnerable:	AlienVault Open Source SIEM (OSSIM) 3.1
Not Vulnerable:

AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

Open Source SIEM (OSSIM) is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Open Source SIEM (OSSIM) 3.1 is vulnerable; other versions may also be affected.

AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

Attackers can use a browser to exploit the SQL-injection issue. The attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issue.

The following example URIs are available:

• /data/vulnerabilities/exploits/53331.txt

AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities

References:

• Alienvault Homepage (Alienvault)
  
• Alienvault OSSIM Open Source SIEM 3.1 Multiple security vulnerabilities (Stefan Schurtz)