AlienVault Prior to 4.6.0 Command Injection Vulnerability
BID:68864
Info
AlienVault Prior to 4.6.0 Command Injection Vulnerability
| Bugtraq ID: | 68864 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2014 12:00AM |
| Updated: | Aug 05 2014 12:10AM |
| Credit: | 3JaneLabs (3J01142503-1) |
| Vulnerable: |
AlienVault Open Source SIEM (OSSIM) 3.1 |
| Not Vulnerable: | |
Discussion
AlienVault Prior to 4.6.0 Command Injection Vulnerability
AlienVault is prone to the command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary commands in context of the application. This may aid in further attacks.
NOTE: This BID was previously titled 'AlienVault Prior to 4.6.0 Multiple Security Vulnerabilities', but the issues (described by CVE-2014-5158 and CVE-2014-5159) has been moved to BID 68998 (AlienVault OSSIM CVE-2014-5158 Multiple Remote Code Execution Vulnerabilities) and BID 68996 (AlienVault OSSIM 'ws_data' Parameter SQL Injection Vulnerability) respectively to better document it.
AlienVault is prone to the command-injection vulnerability.
Attackers can exploit this issue to execute arbitrary commands in context of the application. This may aid in further attacks.
NOTE: This BID was previously titled 'AlienVault Prior to 4.6.0 Multiple Security Vulnerabilities', but the issues (described by CVE-2014-5158 and CVE-2014-5159) has been moved to BID 68998 (AlienVault OSSIM CVE-2014-5158 Multiple Remote Code Execution Vulnerabilities) and BID 68996 (AlienVault OSSIM 'ws_data' Parameter SQL Injection Vulnerability) respectively to better document it.
Exploit / POC
AlienVault Prior to 4.6.0 Command Injection Vulnerability
Attackers can exploit this issue using browser or readily available tools.
Attackers can exploit this issue using browser or readily available tools.
Solution / Fix
AlienVault Prior to 4.6.0 Command Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
AlienVault Prior to 4.6.0 Command Injection Vulnerability
References:
References:
- Alienvault Homepage (Alienvault)