Open Redirect Vulnerabilities in Snort Package for pfSense
CVE-2014-4695

Currently unrated

Key Information:

Vendor: Pfsense
Status: Snort Package; Pfsense
Vendor: CVE Published:; 2 July 2014

What is CVE-2014-4695?

The Snort package for pfSense has multiple open redirect vulnerabilities that allow remote attackers to redirect users to arbitrary websites. This exploitation can be achieved through specifically crafted URLs, utilizing the 'referer' parameter in 'snort_rules_flowbits.php' and the 'returl' parameter in 'snort_select_alias.php'. Such vulnerabilities can facilitate various malicious activities, including phishing attacks, significantly compromising user security.

References

https://pfsense.org/security/advisories/pfSense-SA-14_13....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 28, 2014

Pfsense

What is CVE-2014-4695?

References

Timeline