Multiple open redirect vulnerabilities in the Snort package prior to 3.0.13 for pfSense up to and including 2.1.4 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pfsense snort package |
||
netgate pfsense 2.1.3 |
||
netgate pfsense |