Bug #16412

Updated by Jim Pingle 3 days ago

There is a potential file enumeration vulnerability in the Snort package: 

 In @/usr/local/www/snort/snort_ip_reputation.php@, the value of the @iplist@ parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists. 

 Reported by Alex Williams of Pellera Technology via VulnCheck, CVE-2025-34173
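
One way to close this kind of existence oracle, as an added example that is not the Snort package's code: accept only a plain file name, canonicalize it, confirm it stays inside the list directory, and give the same answer for "rejected" and "not found". The function name `resolve_iplist()`, the temporary directory, and the sample file names are hypothetical and constructed for the demonstration.

```php
<?php
// Added example; resolve_iplist() and the demo directory are hypothetical names.

/**
 * Return the canonical path of a list file inside $baseDir, or null when
 * $name is not a plain file name that resolves to a regular file there.
 */
function resolve_iplist(string $name, string $baseDir): ?string
{
    // Allow-list a single path component: no separators, no NUL bytes,
    // and not the "." / ".." directory entries. Rejected names never
    // reach a filesystem call, so nothing outside $baseDir is probed.
    if ($name === '.' || $name === '..'
        || !preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Canonicalize, then check containment. This also rejects a symlink
    // inside $baseDir that points somewhere else.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path)
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: one real list file in a throwaway directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'iplist_example_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'blocklist.txt', "192.0.2.1\n");

$candidates = ['blocklist.txt', 'missing.txt', '../outside.txt', '..', 'sub/blocklist.txt'];
foreach ($candidates as $candidate) {
    $ok = resolve_iplist($candidate, $base) !== null;
    // One message for every failure, so the response does not distinguish
    // "file does not exist" from "name was rejected".
    printf("%-20s %s\n", $candidate, $ok ? 'accepted' : 'invalid list name');
}

unlink($base . DIRECTORY_SEPARATOR . 'blocklist.txt');
rmdir($base);
```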
