CVE-2016-7955
Published 2017-03-15
Priority: P3 (55), critical, 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 6.41% (92.8th percentile)
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alienvault | ossim | <= 5.3 | — |
| alienvault | unified_security_management | <= 5.3 | — |
CVSS provenance
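| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |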
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/archive/1/540224/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-16-517/
- https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix