Project

General

Profile

Actions
Copy link

Bug #16412

closed

Potential file enumeration vulnerability in the Snort package via IP reputation lists

Added by Jim Pingle 6 days ago. Updated 2 days ago.

Status:
Resolved
Priority:
High
Assignee:
Jim Pingle
Category:
Snort
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

There is a potential file enumeration vulnerability in the Snort package:

In /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists.

Reported by Alex Williams of Pellera Technology via VulnCheck, CVE-2025-34173

Actions
Copy link
 #2

Updated by Jim Pingle 3 days ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Jim Pingle 2 days ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

MR Merged

Actions
Copy link
 #4

Updated by Jim Pingle 2 days ago

  • Private changed from Yes to No

New package build is now published and available for Plus 25.07.1, Plus 25.07, CE 2.8.1, and CE 2.8.0.

Actions
Copy link

Also available in: Atom PDF