CVE-2014-4696
Published Jul 2, 2014
Last updated 5 years ago
Overview
- Description
- Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/601.html "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
- Impact
- -
- Solution
- -
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41DC67D8-85E8-41E4-9BC2-86AF017CC779", "versionEndIncluding": "2.1.4" }, { "criteria": "cpe:2.3:a:netgate:pfsense:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CAA13A8-3B1E-4848-AB59-E385BC37E4E5" }, { "criteria": "cpe:2.3:a:pfsense:suricata_package:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FC8077F-F731-44A2-BF9D-8CDBC1361221", "versionEndIncluding": "1.0.5" } ], "operator": "OR" } ] } ]