Multiple open redirect vulnerabilities in the Suricata package prior to 1.0.6 for pfSense up to and including 2.1.4 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netgate pfsense |
||
pfsense suricata package |
||
netgate pfsense 2.1.3 |