OSSIM 2.2.1 Cross Site Request Forgery

OSSIM 2.2.1 Cross Site Request Forgery: Posted Apr 1, 2010; Authored by CONIX Security | Site conix.fr; OSSIM version 2.2.1 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 8fac8d4b7839a6b7c8bdedf4bc5d68cf571a9262e16b08e365fc2a9c41cdf510; Download | Favorite | View

OSSIM 2.2.1 Cross Site Request Forgery

================== Summary ==================

CSRF Vulnerability in OSSIM 2.2.1

Discovered by: CONIX Security (www.conix.fr)
Public Release Date: 4/01/2010
Vendor: Alienvault (www.alienvault.com)

============= Technical Details =============

The page /ossim/control_panel/alarm_console.php is vulnerable to a CSRF vulnerability. An attacker can send a malicious link to an authorized OSSIM user and, by social engineering, provoke the deletion of all the alarms:

/ossim/control_panel/alarm_console.php?delete_backlog=all


Nicolas Grandjean
IT Security Consultant
CONIX Security

Top Authors In Last 30 Days

Red Hat 315 files
Ubuntu 65 files
Debian 25 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 8 files
Google Security Research 6 files
Milad Karimi 6 files
Yevhenii Butenko 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,024)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,473)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,698)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,477)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

OSSIM 2.2.1 Cross Site Request Forgery

OSSIM 2.2.1 Cross Site Request Forgery

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OSSIM 2.2.1 Cross Site Request Forgery

Share This

OSSIM 2.2.1 Cross Site Request Forgery

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems