10 - CVE-2014-3805

Executive Summary

Informations
Name	CVE-2014-3805	First vendor Publication	2014-06-13
Vendor	Cve	Last vendor Modification	2017-09-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3805

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Alienvault Open Source Security Information Management cpe:2.3:a:alienvault:open_source_security_information_management:4.6.1:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.6:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.5:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.4:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.3:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.2:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.1:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:4.0:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:3.1:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:2.1:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:::::::* cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:::::::* cpe:2.3:a:alienvault:open_source_security_information_management::::::::	30

ExploitDB Exploits

id	Description
2014-06-18	AlienVault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution

Snort® IPS/IDS

Date	Description
2014-11-16	AlienVault OSSIM av-centerd get_log_line command injection attempt RuleID : 31506 - Revision : 4 - Type : SERVER-WEBAPP
2014-11-16	AlienVault OSSIM av-centerd get_license command injection attempt RuleID : 31505 - Revision : 4 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date	Description
2014-06-23	Name : The remote host is affected by a remote code execution vulnerability. File : ossim_soap_4_7_0.nasl - Type : ACT_ATTACK

Sources (Detail)

Source	Url
CONFIRM	http://forums.alienvault.com/discussion/2690
EXPLOIT-DB	https://www.exploit-db.com/exploits/42709/
MISC	http://zerodayinitiative.com/advisories/ZDI-14-198/ http://zerodayinitiative.com/advisories/ZDI-14-199/ http://zerodayinitiative.com/advisories/ZDI-14-204/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-05 01:15:21	Multiple Updates
2021-05-04 12:32:25	Multiple Updates
2021-04-22 01:39:37	Multiple Updates
2020-05-23 01:52:17	Multiple Updates
2020-05-23 00:41:14	Multiple Updates
2017-09-16 09:23:16	Multiple Updates
2016-04-27 00:55:17	Multiple Updates
2014-11-16 21:25:05	Multiple Updates
2014-06-26 17:22:30	Multiple Updates
2014-06-24 13:22:34	Multiple Updates
2014-06-17 17:23:32	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	30
Sources(s)	5
ExploitDB Exploit(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	1

10 - CVE-2014-3805

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

ExploitDB Exploits

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU