CVE-2009-4373

Name of the Vulnerable Software and Affected Versions AlienVault Open Source Security Information Management (OSSIM) versions prior to 2.1.5-4

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the repository/repository attachment.php script, and then accessing it via a direct request to the file in ossiminstall/uploads/.

Recommendations For versions prior to 2.1.5-4, update to version 2.1.5-4 or later to resolve the issue. As a temporary workaround, consider restricting access to the ossiminstall/uploads/ directory to minimize the risk of exploitation.