This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:MISC:ALIENVAULT-OSSIM-CE
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
AlienVault OSSIM av-centerd Util.pm Request Arbitrary Command Execution
|
Release Date |
2014/07/29
|
Update Number |
2403
|
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: AlienVault OSSIM av-centerd Util.pm Request Arbitrary Command Execution
This signature detects attempts to exploit a known vulnerability against AlienVault OSSIM. A successful attack can lead to arbitrary code execution.
Extended Description
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
Affected Products
- Alienvault open_source_security_information_management 1.0.4
- Alienvault open_source_security_information_management 1.0.6
- Alienvault open_source_security_information_management 2.1
- Alienvault open_source_security_information_management 2.1.2
- Alienvault open_source_security_information_management 2.1.5
- Alienvault open_source_security_information_management 2.1.5-1
- Alienvault open_source_security_information_management 2.1.5-2
- Alienvault open_source_security_information_management 2.1.5-3
- Alienvault open_source_security_information_management 3.1
- Alienvault open_source_security_information_management 3.1.10
- Alienvault open_source_security_information_management 3.1.12
- Alienvault open_source_security_information_management 3.1.9
- Alienvault open_source_security_information_management 4.0
- Alienvault open_source_security_information_management 4.0.3
- Alienvault open_source_security_information_management 4.0.4
- Alienvault open_source_security_information_management 4.1
- Alienvault open_source_security_information_management 4.1.2
- Alienvault open_source_security_information_management 4.1.3
- Alienvault open_source_security_information_management 4.2
- Alienvault open_source_security_information_management 4.2.2
- Alienvault open_source_security_information_management 4.2.3
- Alienvault open_source_security_information_management 4.3
- Alienvault open_source_security_information_management 4.3.1
- Alienvault open_source_security_information_management 4.3.2
- Alienvault open_source_security_information_management 4.3.3
- Alienvault open_source_security_information_management 4.4
- Alienvault open_source_security_information_management 4.5
- Alienvault open_source_security_information_management 4.6
- Alienvault open_source_security_information_management 4.6.1
References