CVE-2014-4696

Published: Jul 2, 2014Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.

Affected (3)

Products: Netgate: Pfsense · Pfsense: Suricata Package

1 product

1 product

Suricata Package

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Netgate Pfsense	Up to 2.1.4
Netgate Pfsense	Version 2.1.3
Pfsense Suricata Package	Up to 1.0.5

References (2)

https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Source: cve@mitre.org

Vendor Advisory

https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.