CVE-2014-4695

Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.

Published: Jul 2, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4695
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pfsense / snort_package	-	3.0.12.x
netgate / pfsense	2.1.3	2.1.3.x
netgate / pfsense	-	2.1.4.x

https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Vulnerability Database

289,697

CVE-2014-4695