Nessus Web UI Vulnerability (CVE-2014-4980)
Release date:
Updated on:
Affected Systems:
Tenable Nessus 5.2.7
Tenable Nessus 5.2.6
Tenable Nessus 5.2.5
Tenable Nessus 5.2.4
Tenable Nessus 5.2.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68782
CVE (CAN) ID: CVE-2014-4980
Nessus is a popular vulnerability scanning program.
In Nessus 5.2.3 through 5.2.7, the /server/properties resource in Tenable Web UI versions earlier than 2.3.5 has an information disclosure vulnerability. Remote attackers can exploit this vulnerability to obtain sensitive information through the token parameter.
<* Source: Robert Gilbert
Link: http://www.osvdb.org/109376
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Tenable
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.tenable.com/products/nessus
http://www.tenable.com/security/tns-2014-05
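
To see which scanners still need the patch, an inventory can be checked against the version ranges given above. This is an added example, not part of the original advisory or Tenable's tooling; the inventory format, host names and status labels are assumptions made for illustration.

```python
import re

# Ranges from the advisory: Nessus 5.2.3 through 5.2.7 is affected while its
# Web UI component is earlier than 2.3.5.
NESSUS_MIN, NESSUS_MAX = (5, 2, 3), (5, 2, 7)
WEBUI_FIXED = (2, 3, 5)

def parse_version(text):
    """Turn '5.2.7' into (5, 2, 7); return None unless purely dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    # Integer tuples compare numerically, so 5.2.10 sorts after 5.2.7
    # (a plain string comparison would get that wrong). Pad '2.3' to 2.3.0.
    return parts + (0,) * max(0, 3 - len(parts))

def classify(nessus, webui):
    """Classify one installation against the advisory's version ranges."""
    n, w = parse_version(nessus), parse_version(webui)
    if n is None or w is None:
        return "unknown"  # missing or unparseable data needs a manual look
    if not (NESSUS_MIN <= n <= NESSUS_MAX):
        return "outside advisory range"
    return "affected" if w < WEBUI_FIXED else "patched"

def triage(inventory):
    """Map host -> status for lines of 'host,nessus,webui' (assumed format)."""
    results = {}
    for line in inventory.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        host, nessus, webui = (fields + ["", ""])[:3]
        results[host] = classify(nessus, webui)
    return results

# Constructed sample inventory; host names and versions are illustrative.
SAMPLE = """
scanner-a,5.2.7,2.3.4
scanner-b,5.2.7,2.3.5
scanner-c,5.2.10,2.3.4
scanner-d,5.2.5
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have a missing or unparseable version field and should be checked by hand rather than assumed safe.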