Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

BASE < 1.4.4 Multiple Vulnerabilities

High

Synopsis

The remote host is running a PHP application that is vulnerable to multiple attack vectors.

Description

The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host is earlier than 1.4.4. Such versions are potentially affected by multiple issues :

- A SQL-injection flaw.

- A cross-site scripting vulnerability in 'base_local_rules.php'.

- A local file include vulnerability in 'base_local_rules.php'.

Solution

Upgrade to BASE version 1.4.4 or later.