CVE Record: CVE-2016-7955

Required CVE Record Information

Description

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.

Product Status

Learn more

Information not provided

References 3 Total

securityfocus.com: 20170306 CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass
external site
mailing-list
http://www.zerodayinitiative.com/advisories/ZDI-16-517/
external site
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix
external site

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

securityfocus.com: 20170306 CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass
external site
mailing-listx_transferred
http://www.zerodayinitiative.com/advisories/ZDI-16-517/
external site
x_transferred
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 3 Total

CVE Program

References 3 Total