Signature Detail

HTTP: AlienVault OSSIM av-centerd SOAP Requests Command Execution

This signature detects attempts to exploit a known vulnerability against Alien Vault OSSIM. A successful attack can lead to arbitrary command execution.

Extended Description

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.

Affected Products

• Alienvault open_source_security_information_management 4.0
• Alienvault open_source_security_information_management 4.0.3
• Alienvault open_source_security_information_management 4.0.4
• Alienvault open_source_security_information_management 4.1
• Alienvault open_source_security_information_management 4.1.2
• Alienvault open_source_security_information_management 4.1.3
• Alienvault open_source_security_information_management 4.2
• Alienvault open_source_security_information_management 4.2.2
• Alienvault open_source_security_information_management 4.2.3
• Alienvault open_source_security_information_management 4.3
• Alienvault open_source_security_information_management 4.3.1
• Alienvault open_source_security_information_management 4.3.2
• Alienvault open_source_security_information_management 4.3.3
• Alienvault open_source_security_information_management 4.4
• Alienvault open_source_security_information_management 4.5
• Alienvault open_source_security_information_management 4.6
• Alienvault open_source_security_information_management 4.6.1

References

• BugTraq: 67312
• BugTraq: 67999
• CVE: CVE-2014-3804
• URL: http://forums.alienvault.com/discussion/2690