Lucene search
MitreCVE-2009-4374HistoryDec 21, 2009 - 4:30 p.m.
CVE-2009-4374
2009-12-2116:30:00
CWE-22
mitre
web.nvd.nist.gov
28
cve-2009-4374
vulnerability
alienvault
ossim
security management
file upload
directory traversal
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
High
EPSS
0.014
Percentile
86.5%
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a … (dot dot) in the id_document parameter.
Affected configurations
Node
alienvaultopen_source_security_information_managementRange≤2.1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alienvault | open_source_security_information_management | * | cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2009-4374
2009-12-21 16:30:00
prion
prion
Directory traversal
2009-12-21 16:30:00
cvelist
cvelist
CVE-2009-4374
2009-12-21 16:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
High
EPSS
0.014
Percentile
86.5%
Related for CVE-2009-4374