CVE-2009-4373

Опубликовано: 21 дек. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.

Ссылки

http://secunia.com/advisories/37727
Vendor Advisory
http://www.alienvault.com/community.php?section=News
Vendor Advisory
http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf
Exploit
http://secunia.com/advisories/37727
Vendor Advisory
http://www.alienvault.com/community.php?section=News
Vendor Advisory
http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02379

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-f7qg-rpxj-p56c

github

почти 4 года назад