CVE-2014-4695
Published Jul 2, 2014
Last updated 5 years ago
Overview
- Description
- Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/601.html "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41DC67D8-85E8-41E4-9BC2-86AF017CC779",
"versionEndIncluding": "2.1.4"
},
{
"criteria": "cpe:2.3:a:netgate:pfsense:2.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CAA13A8-3B1E-4848-AB59-E385BC37E4E5"
},
{
"criteria": "cpe:2.3:a:pfsense:snort_package:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80DAF1D7-AE85-4CA8-8F49-5D3B1496F520",
"versionEndIncluding": "3.0.12"
}
],
"operator": "OR"
}
]
}
]