Open Redirect Vulnerabilities in Suricata for pfSense
CVE-2014-4696
Currently unrated
What is CVE-2014-4696?
Suricata, a network threat detection engine integrated with pfSense, is prone to multiple open redirect vulnerabilities that allow remote attackers to redirect users to malicious websites and use that redirection to conduct phishing attacks. The vulnerabilities are present in Suricata versions prior to 1.0.6 for pfSense versions below 2.1.4, and are triggered by manipulating the referer parameter in suricata_rules_flowbits.php and the returl parameter in suricata_select_alias.php.
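The general fix for this class of bug is to accept a caller-supplied return URL only when it is a path on the same site. The PHP sketch below is an added example, not code from pfSense or the Suricata package; safe_return_url(), the fallback path and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate a return-URL parameter (such as "returl" or
// "referer") before it is used in a Location header or a link.
// safe_return_url() and the '/index.php' fallback are hypothetical.

function safe_return_url(?string $candidate, string $fallback = '/index.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Reject control characters (CR/LF header injection) and backslashes,
    // which some browsers normalise to forward slashes.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    // Require a site-local absolute path: exactly one leading slash.
    // "//host/..." is scheme-relative and would leave the site.
    if ($candidate[0] !== '/' || (isset($candidate[1]) && $candidate[1] === '/')) {
        return $fallback;
    }
    // Defence in depth: the parser must not see a scheme or host either.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

// Constructed sample inputs; example.com names are placeholders.
$samples = [
    '/local/page.php?id=0',                 // site-local path
    'https://offsite.example.com/login',    // absolute URL
    '//offsite.example.com/login',          // scheme-relative URL
    '/\\offsite.example.com/login',         // backslash variant
    "/ok\r\nLocation: https://offsite.example.com/", // embedded CR/LF
];

foreach ($samples as $s) {
    printf("%-55s => %s\n", json_encode($s), safe_return_url($s));
}
```

Only the first sample is returned unchanged; every other form falls back to the fixed local page instead of being passed to the browser.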