|
|
Family: CGI abuses --> Category: attack
BASE base_maintenance Authentication Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to bypass authentication in BASE
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to an
authentication bypass vulnerability.
Description :
The remote host is running BASE, a web-based tool for analyzing alerts
from one or more SNORT sensors.
The version of BASE installed on the remote host allows a remote
attacker to bypass authentication to the 'base_maintenance.php' script
and then perform selected maintenance tasks.
See also :
http://sourceforge.net/project/shownotes.php?release_id=402956&group_id=103348
Solution :
Upgrade to BASE version 1.2.4 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
