CVE-2009-4374

Name of the Vulnerable Software and Affected Versions AlienVault Open Source Security Information Management (OSSIM) versions prior to 2.1.5-4

Description The issue allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id document parameter. This is a result of a directory traversal vulnerability in the repository/repository attachment.php file.

Recommendations For versions prior to 2.1.5-4, update to version 2.1.5-4 or later to resolve the issue. As a temporary workaround, consider restricting access to the repository attachment.php file to minimize the risk of exploitation. Avoid using the id document parameter in the affected file until the issue is resolved.