Bug #16412: Potential file enumeration vulnerability in the Snort package via IP reputation lists - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #16412

closed

Potential file enumeration vulnerability in the Snort package via IP reputation lists

Added by Jim Pingle 6 days ago. Updated 3 days ago.

Status:

Resolved

Priority:

High

Assignee:

Jim Pingle

Category:

Snort

Target version:

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

There is a potential file enumeration vulnerability in the Snort package:

In /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists.

Reported by Alex Williams of Pellera Technology via VulnCheck, CVE-2025-34173

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #16412

Potential file enumeration vulnerability in the Snort package via IP reputation lists

Updated by Jim Pingle 3 days ago

Updated by Jim Pingle 3 days ago

Updated by Jim Pingle 3 days ago