Summary
This host has Nessus installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information.
Impact Level: Application
Solution
Upgrade the Tenable Web UI component in Nessus to 2.3.5. For updates, refer to http://www.tenable.com/products/nessus
Insight
The flaw exists due to an error in /server/properties, which does not validate the 'token' parameter.
Affected
Tenable Web UI before 2.3.5 in Nessus versions 5.2.3 through 5.2.7
Detection
Send crafted data via an HTTP GET request and check whether the host is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-4980
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Tomcat DOS Device Name XSS