Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

BASE < 1.2.4 base_maintenance Authentication Bypass

Medium

Synopsis

The remote web server contains a PHP script that is prone to an authentication bypass vulnerability.

Description

The remote web server contains a PHP script that is prone to an authentication bypass vulnerability. The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host allows a remote attacker to bypass authentication to the 'base_maintenance.php' script and then perform selected maintenance tasks.

Solution

Upgrade to version 1.2.4 or higher.