AlienVault OSSIM get_fqdn() RCE
Critical Nessus Plugin ID 100381
Synopsis
A security suite application hosted on the remote web server is affected by a remote command execution vulnerability.

Description
The version of AlienVault Open Source Security Information Management (OSSIM) running on the remote host is affected by a flaw in the get_fqdn() API function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary commands.

Solution
Upgrade to AlienVault OSSIM version 5.3.6 or later.