SSL: Alienvault Unified Security Management and OSSIM gauge.php SQL Injection
This signature detects attempts to exploit a known vulnerability in the Alienvault Unified Security Management and OSSIM. Successful exploitation could result in the execution of arbitrary SELECT commands against the database and the disclosure of information from the database.
Extended Description
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
Affected Products
Alienvault unified_security_management
References
CVE: CVE-2016-8582
Short Name
SSL:ALIENVAULT-USM-SQLI
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SSL
Keywords
Alienvault CVE-2016-8582 Injection Management OSSIM SQL Security Unified and gauge.php
Release Date
11/10/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Alienvault
CVSS Score
7.5