Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-4153. PoCs published by James Fitts.
AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in Alienvault OSSIM's av-centerd Util.pm get_file function. It sends a crafted SOAP request to retrieve arbitrary file contents, such as /etc/shadow, due to insufficient sanitization of the $r_file parameter.
Description
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
Exploits (1)
This exploit leverages an information disclosure vulnerability in Alienvault OSSIM's av-centerd Util.pm get_file function. It sends a crafted SOAP request to retrieve arbitrary file contents, such as /etc/shadow, due to insufficient sanitization of the $r_file parameter.