CVE-2014-4696

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.

Published: Jul 2, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4696
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pfsense / suricata_package	-	1.0.5.x
netgate / pfsense	2.1.3	2.1.3.x
netgate / pfsense	-	2.1.4.x

https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Vulnerability Database

289,697

CVE-2014-4696