CVE-2009-4374

AlienVault OSSIM <2.1.5.4 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37727
Vendor Advisory x_refsource_misc
http://www.alienvault.com/community.php?section=News

Scores

EPSS 0.0164
EPSS Percentile 73.5%

Details

CWE
CWE-22
Status published
Products (1)
alienvault/open_source_security_information_management < 2.1.5
Published Dec 21, 2009
Tracked Since Feb 18, 2026