Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-3804

EPSS 79.33% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3804

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
AlienVault OSSIM 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AlienVault OSSIM是美国AlienVault公司的一套开源的安全信息管理系统。该系统可将开源产品进行集成,提供一种能够实现安全监控功能的基础平台。 AlienVault OSSIM 4.7.0之前版本的av-centerd SOAP服务中存在安全漏洞。远程攻击者可通过发送特制的update_system_info_debian_package、ossec_task、set_ossim_setup admin_ip、sync_rserver或set_ossim_setup framework_
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-3804

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-3804

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-06-13 · 23 CVEs total

CVE-2013-5356Sharetronix 权限许可和访问控制漏洞
CVE-2014-3859ISC BIND 输入验证漏洞
CVE-2014-4161SAP Supplier Relationship Management 跨站脚本漏洞
CVE-2014-4160SAP NetWeaver Business Client 跨站脚本漏洞
CVE-2014-4159SAP Supplier Relationship Management 开放重定向漏洞
CVE-2014-4158Kolibri 基于栈的缓冲区溢出漏洞
CVE-2014-3814Juniper Networks NetScreen Firewall products with ScreenOS 安全漏洞
CVE-2014-3813Juniper Networks NetScreen Firewall products with ScreenOS 拒绝服务漏洞
CVE-2014-3812Juniper Junos Pulse Secure Access Service和Junos Pulse Access Control Service 安全漏洞
CVE-2014-3805AlienVault OSSIM 安全漏洞
CVE-2014-2303webEdition CMS SQL注入漏洞
CVE-2010-5301Kolibri 基于栈的缓冲区溢出漏洞
CVE-2013-5353Sharetronix 任意文件上传漏洞
CVE-2013-5352Sharetronix 代码注入漏洞
CVE-2013-4099JOAL OpenAL32.dll文件安全漏洞
CVE-2013-3843Monkey HTTP Daemon ‘mk_request_header_process’函数缓冲区错误漏洞
CVE-2013-3663Trimble Navigation Trimble SketchUp 基于堆的缓冲区溢出漏洞
CVE-2013-2182Monkey HTTP Daemon Mandril安全插件安全绕过漏洞
CVE-2013-2163Monkey HTTP Daemon 输入验证错误漏洞
CVE-2013-1841Net-Server ‘allow_deny()’ 函数安全绕过漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-3804

No comments yet

Leave a comment