CVE-2009-3441

Alienvault Ossim < 2.1 - Authentication Bypass

Title source: rule

Description

Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.

References (4)

[Exploit] http://dsecrg.com/pages/vul/show.php?id=155

[Vendor Advisory] http://secunia.com/advisories/36867

[Exploit] http://www.securityfocus.com/bid/36504

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506663/100/0/threaded

Scores

EPSS 0.0043

EPSS Percentile 61.9%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

alienvault/ossim < 2.1

alienvault/ossim

Timeline

Published Sep 28, 2009

Tracked Since Feb 18, 2026