CVE-2012-3835
published 2012-07-03CVE-2012-3835: Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.23%
80.5th percentile
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alienvault | open_source_security_information_management | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
exploitdb·2012-07-23
CVE-2012-3835 Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
---
#!/usr/bin/python
'''
AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php".
Proof of Concept:
Enticing a logged in user to visit the following URL where an attacker is hosting an cookie grabber will allow for the hijacking of the user session:
https://victim/ossim/top.php?option=3&soption=3&url=
With a cookie captured and a session hijacked, the blind SQL injection vulnerability in the "tcp_port" parameter of "base_qry_main.php" can be exploited to extract the admin hash.
Timeline:
# 28 May 2012: Vulnerability reported to CERT
# 30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
# 23 Jul 2012: Update from CERT: No response fro
Exploit-DB
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities
exploitdb·2012-04-29
CVE-2012-3835 Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities
---
#####################################################################################
# Advisory: Alienvault OSSIM Open Source SIEM 3.1 Multiple security vulnerabilities
# Advisory ID: SSCHADV-EDB-2012-001
# Contact: [email protected]
# Author: Stefan Schurtz
# Affected Software: Successfully tested on Alienvault Open Source SIEM 3.1 (32bit)
# Vendor URL: http://www.alienvault.com/
# Vendor Status: informed
#####################################################################################
Vulnerability Description
Alienvault OSSIM Open Source SIEM 3.1 is prone to XSS and SQL-Injection vulnerabilities
PoC-Exploit
#### SQL-Injection //Authentication is needed ####
https://[target]/ossim/forensics/base_qry_
No writeups or analysis indexed.
http://secunia.com/advisories/49005http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.htmlhttp://www.exploit-db.com/exploits/18800http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txthttp://www.securityfocus.com/bid/53331https://exchange.xforce.ibmcloud.com/vulnerabilities/75297http://secunia.com/advisories/49005http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.htmlhttp://www.exploit-db.com/exploits/18800http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txthttp://www.securityfocus.com/bid/53331https://exchange.xforce.ibmcloud.com/vulnerabilities/75297
2012-07-03
Published