CVE-2014-4695

Published: Jul 2, 2014Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.

Affected (3)

Products: Netgate: Pfsense · Pfsense: Snort Package

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Netgate Pfsense	Up to 2.1.4
Netgate Pfsense	Version 2.1.3
Pfsense Snort Package	Up to 3.0.12

References (2)

https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Source: cve@mitre.org

Vendor Advisory

https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.