Newest Plugins

Cisco IOS XR NetFlow and Network Processor (NP) Chip DoS (Typhoon-based Line Cards)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco device is running a version of Cisco IOS XR software
that is potentially affected by a denial of service vulnerability
related to the handling of a maliciously crafted packet with a multicast
destination MAC address routed by a bridge-group virtual interface.

Note that this issue only affects Cisco ASR 9000 series devices using
Typhoon-based line cards with a Bridge Virtual Interface (BVI)
configured for egress NetFlow collection with a static ARP mapping a
unicast IP address to a multicast MAC address.

See also :

http://tools.cisco.com/security/center/viewAlert.x?alertId=35416
http://www.nessus.org/u?e974efbe
https://tools.cisco.com/bugsearch/bug/CSCup77750

Solution :

Apply the relevant patch referenced in Cisco bug ID CSCup77750.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:A/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is (C) 2014 Tenable Network Security, Inc.

VMware Security Updates for vCenter Server (VMSA-2014-0008)


Synopsis:

The remote host has a virtualization management application installed
that is affected by multiple security vulnerabilities.

Description:

The version of VMware vCenter installed on the remote host is 5.5
prior to Update 2. It is, therefore, affected by multiple third-party
library vulnerabilities :

- The bundled version of Apache Struts contains a code
execution flaw. (CVE-2014-0114)

- The bundled tc-server / Apache Tomcat contains multiple
issues. (CVE-2013-4590, CVE-2013-4322, and
CVE-2014-0050)

- The bundled version of Oracle JRE is prior to 1.7.0_55
and thus is affected by multiple vulnerabilities.

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://lists.vmware.com/pipermail/security-announce/2014/000260.html

Solution :

Upgrade to VMware vCenter Server 5.5u2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)


Synopsis:

The remote host has an update manager installed that is affected by
multiple vulnerabilities.

Description:

The version of VMware vCenter Update Manager installed on the remote
Windows host is 5.5 prior to Update 2. It is, therefore, affected by
multiple vulnerabilities related to the bundled version of Oracle JRE
prior to 1.7.0_55.

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://lists.vmware.com/pipermail/security-announce/2014/000260.html

Solution :

Upgrade to vCenter Update Manager 5.5 Update 2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : apt vulnerabilities (USN-2348-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that APT did not re-verify downloaded files when the
If-Modified-Since wasn't met. (CVE-2014-0487)

It was discovered that APT did not invalidate repository data when it
switched from an unauthenticated to an authenticated state.
(CVE-2014-0488)

It was discovered that the APT Acquire::GzipIndexes option caused APT
to skip checksum validation. This issue only applied to Ubuntu 12.04
LTS and Ubuntu 14.04 LTS, and was not enabled by default.
(CVE-2014-0489)

It was discovered that APT did not correctly validate signatures when
downloading source packages using the download command. This issue
only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-0490).

Solution :

Update the affected apt package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : python-django vulnerabilities (USN-2347-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Florian Apolloner discovered that Django incorrectly validated URLs. A
remote attacker could use this issue to conduct phishing attacks.
(CVE-2014-0480)

David Wilson discovered that Django incorrectly handled file name
generation. A remote attacker could use this issue to cause Django to
consume resources, resulting in a denial of service. (CVE-2014-0481)

David Greisen discovered that Django incorrectly handled certain
headers in contrib.auth.middleware.RemoteUserMiddleware. A remote
authenticated user could use this issue to hijack web sessions.
(CVE-2014-0482)

Collin Anderson discovered that Django incorrectly checked if a field
represented a relationship between models in the administrative
interface. A remote authenticated user could use this issue to
possibly obtain sensitive information. (CVE-2014-0483).

Solution :

Update the affected python-django package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Ubuntu 14.04 : openjdk-7 update (USN-2319-3)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides
stability fixes for the arm64 and ppc64el architectures.

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2014-2483, CVE-2014-2490, CVE-2014-4216,
CVE-2014-4219, CVE-2014-4223, CVE-2014-4262)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure and data integrity. An
attacker could exploit these to expose sensitive data over
the network. (CVE-2014-4209, CVE-2014-4244, CVE-2014-4263)

Two vulnerabilities were discovered in the OpenJDK JRE
related to data integrity. (CVE-2014-4218, CVE-2014-4266)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit this to cause a
denial of service. (CVE-2014-4264)

Several vulnerabilities were discovered in the OpenJDK JRE
related to information disclosure. An attacker could exploit
these to expose sensitive data over the network.
(CVE-2014-4221, CVE-2014-4252, CVE-2014-4268).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : procmail (SAT Patch Number 9689)


Synopsis:

The remote SuSE 11 host is missing a security update.

Description:

procmail was updated to fix a security issue in its formail helper.

- When formail processed specially crafted e-mail headers
a heap corruption could be triggered, which would lead
to a crash of formail. (CVE-2014-3618)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=894999
http://support.novell.com/security/cve/CVE-2014-3618.html

Solution :

Apply SAT patch number 9689.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Solaris 10 (x86) : 150313-06


Synopsis:

The remote host is missing Sun Security Patch number 150313-06.

Description:

SunOS 5.10_x86: iscsi patch.
Date this patch was last updated by Sun : Sep/13/14

See also :

https://getupdates.oracle.com/readme/150313-06

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Solaris 10 (sparc) : 150312-06


Synopsis:

The remote host is missing Sun Security Patch number 150312-06.

Description:

SunOS 5.10: iscsi patch.
Date this patch was last updated by Sun : Sep/13/14

See also :

https://getupdates.oracle.com/readme/150312-06

Solution :

You should install this patch for your system to be up-to-date.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : php5 (openSUSE-SU-2014:1133-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

php5 was updated to fix three security issues :

- Insecure temporary file use for cache data was fixed by
switching to a different root-only directory
/var/cache/php-pear (CVE-2014-5459)

- An incomplete fix for CVE-2014-4049 (CVE-2014-3597)

- gd extension: NUL byte injection in filenames passed to
image handling functions was fixed (CVE-2014-5120)

Also a bug was fixed :

- fixed suhosin crash if used with php
session_set_save_handler() [bnc#895658]

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html
https://bugzilla.novell.com/show_bug.cgi?id=893849
https://bugzilla.novell.com/show_bug.cgi?id=893853
https://bugzilla.novell.com/show_bug.cgi?id=893855
https://bugzilla.novell.com/show_bug.cgi?id=895658

Solution :

Update the affected php5 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : ppp (openSUSE-SU-2014:1135-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

ppp was updated to fix an integer overflow in option parsing.
(CVE-2014-3158, bnc#891489).

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00026.html
https://bugzilla.novell.com/show_bug.cgi?id=891489

Solution :

Update the affected ppp packages.

Risk factor :

Medium

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : python-django (openSUSE-SU-2014:1132-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

Python Django was updated to fix security issues and bugs.

Update to version 1.4.15 on openSUSE 12.3 :

+ Prevented reverse() from generating URLs pointing to
other hosts to prevent phishing attacks (bnc#893087,
CVE-2014-0480)

+ Removed O(n) algorithm when uploading duplicate file
names to fix file upload denial of service (bnc#893088,
CVE-2014-0481)

+ Modified RemoteUserMiddleware to log out on REMOTE_USER
change to prevent session hijacking (bnc#893089,
CVE-2014-0482)

+ Prevented data leakage in contrib.admin via query string
manipulation (bnc#893090, CVE-2014-0483)

+ Fixed: Caches may incorrectly be allowed to store and
serve private data (bnc#877993, CVE-2014-1418)

+ Fixed: Malformed redirect URLs from user input not
correctly validated (bnc#878641, CVE-2014-3730)

+ Fixed queries that may return unexpected results on
MySQL due to typecasting (bnc#874956, CVE-2014-0474)

+ Prevented leaking the CSRF token through caching
(bnc#874955, CVE-2014-0473)

+ Fixed a remote code execution vulnerability in URL
reversing (bnc#874950, CVE-2014-0472)

Update to version 1.5.10 on openSUSE 13.1 :

+ Prevented reverse() from generating URLs pointing to
other hosts to prevent phishing attacks (bnc#893087,
CVE-2014-0480)

+ Removed O(n) algorithm when uploading duplicate file
names to fix file upload denial of service (bnc#893088,
CVE-2014-0481)

+ Modified RemoteUserMiddleware to log out on REMOTE_USER
change to prevent session hijacking (bnc#893089,
CVE-2014-0482)

+ Prevented data leakage in contrib.admin via query string
manipulation (bnc#893090, CVE-2014-0483)

- Update to version 1.5.8 :

+ Fixed: Caches may incorrectly be allowed to store and
serve private data (bnc#877993, CVE-2014-1418)

+ Fixed: Malformed redirect URLs from user input not
correctly validated (bnc#878641, CVE-2014-3730)

+ Fixed queries that may return unexpected results on
MySQL due to typecasting (bnc#874956, CVE-2014-0474)

+ Prevented leaking the CSRF token through caching
(bnc#874955, CVE-2014-0473)

+ Fixed a remote code execution vulnerability in URL
reversing (bnc#874950, CVE-2014-0472)

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
https://bugzilla.novell.com/show_bug.cgi?id=874950
https://bugzilla.novell.com/show_bug.cgi?id=874955
https://bugzilla.novell.com/show_bug.cgi?id=874956
https://bugzilla.novell.com/show_bug.cgi?id=877993
https://bugzilla.novell.com/show_bug.cgi?id=878641
https://bugzilla.novell.com/show_bug.cgi?id=893087
https://bugzilla.novell.com/show_bug.cgi?id=893088
https://bugzilla.novell.com/show_bug.cgi?id=893089
https://bugzilla.novell.com/show_bug.cgi?id=893090

Solution :

Update the affected python-django package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : nginx -- inject commands into SSL session vulnerability (77b784bb-3dc6-11e4-b191-f0def16c5c1b)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The nginx project reports :

Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple 'server' blocks (CVE-2014-3616).

See also :

http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
http://www.nessus.org/u?c1f80884

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3026-1 : dbus - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Alban Crequy and Simon McVittie discovered several vulnerabilities in
the D-Bus message daemon.

- CVE-2014-3635
On 64-bit platforms, file descriptor passing could be
abused by local users to cause heap corruption in
dbus-daemon, leading to a crash, or potentially to
arbitrary code execution.

- CVE-2014-3636
A denial-of-service vulnerability in dbus-daemon allowed
local attackers to prevent new connections to
dbus-daemon, or disconnect existing clients, by
exhausting descriptor limits.

- CVE-2014-3637
Malicious local users could create D-Bus connections to
dbus-daemon which could not be terminated by killing the
participating processes, resulting in a
denial-of-service vulnerability.

- CVE-2014-3638
dbus-daemon suffered from a denial-of-service
vulnerability in the code which tracks which messages
expect a reply, allowing local attackers to reduce the
performance of dbus-daemon.

- CVE-2014-3639
dbus-daemon did not properly reject malicious
connections from local users, resulting in a
denial-of-service vulnerability.

See also :

https://security-tracker.debian.org/tracker/CVE-2014-3635
https://security-tracker.debian.org/tracker/CVE-2014-3636
https://security-tracker.debian.org/tracker/CVE-2014-3637
https://security-tracker.debian.org/tracker/CVE-2014-3638
https://security-tracker.debian.org/tracker/CVE-2014-3639
http://www.debian.org/security/2014/dsa-3026

Solution :

Upgrade the dbus packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.6.8-1+deb7u4.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Debian DSA-3025-1 : apt - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data (CVE-2014-0488), performs
incorrect verification of 304 replies (CVE-2014-0487), does not
perform the checksum check when the Acquire::GzipIndexes option is
used (CVE-2014-0489) and does not properly perform validation for
binary packages downloaded by the apt-get download command
(CVE-2014-0490).

See also :

https://security-tracker.debian.org/tracker/CVE-2014-0488
https://security-tracker.debian.org/tracker/CVE-2014-0487
https://security-tracker.debian.org/tracker/CVE-2014-0489
https://security-tracker.debian.org/tracker/CVE-2014-0490
http://www.debian.org/security/2014/dsa-3025

Solution :

Upgrade the apt packages.

For the stable distribution (wheezy), these problems have been fixed
in version 0.9.7.9+deb7u3.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Adobe Reader <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)


Synopsis:

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description:

The version of Adobe Reader installed on the remote host is version
10.x equal to or prior to 10.1.10, or 11.x equal to or prior to
11.0.07. It is, therefore, affected by multiple vulnerabilities :

- A use-after-free error exists that allows arbitrary code
execution. (CVE-2014-0560)

- A heap-based buffer overflow exists that allows
arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

- An input-validation error exists that allows universal
cross-site scripting (UXSS) attacks. (CVE-2014-0562)

- A memory corruption error exists that allows denial of
service attacks. (CVE-2014-0563)

- Memory corruption errors exist that allow arbitrary code
execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/acrobat/apsb14-20.html

Solution :

Upgrade to Adobe Reader 10.1.12 / 11.0.09 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)


Synopsis:

The version of Adobe Acrobat on the remote Mac OS X host is affected
by multiple vulnerabilities.

Description:

The version of Adobe Acrobat installed on the remote host is version
10.x equal to or prior to 10.1.10, or 11.x equal to or prior to
11.0.07. It is, therefore, affected by multiple vulnerabilities :

- A use-after-free error exists that allows arbitrary code
execution. (CVE-2014-0560)

- A heap-based buffer overflow exists that allows
arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

- An input-validation error exists that allows universal
cross-site scripting (UXSS) attacks. (CVE-2014-0562)

- A memory corruption error exists that allows denial of
service attacks. (CVE-2014-0563)

- Memory corruption errors exist that allow arbitrary code
execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/acrobat/apsb14-20.html

Solution :

Upgrade to Adobe Acrobat 10.1.12 / 11.0.09 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Adobe Reader < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)


Synopsis:

The version of Adobe Reader on the remote Windows host is affected by
multiple vulnerabilities.

Description:

The version of Adobe Reader installed on the remote host is a version
prior to 10.1.12 / 11.0.09. It is, therefore, affected by the
following vulnerabilities :

- A use-after-free error exists that allows arbitrary code
execution. (CVE-2014-0560)

- A heap-based buffer overflow exists that allows
arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

- A memory corruption error exists that allows denial of
service attacks. (CVE-2014-0563)

- Memory corruption errors exist that could allow
arbitrary code execution. (CVE-2014-0565, CVE-2014-0566)

- An unspecified error exists that allows the bypassing
of the sandbox security restrictions. (CVE-2014-0568)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://helpx.adobe.com/security/products/reader/apsb14-20.html

Solution :

Upgrade to Adobe Reader 10.1.12 / 11.0.09 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Adobe Acrobat < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)


Synopsis:

The version of Adobe Acrobat on the remote Windows host is affected by
multiple vulnerabilities.

Description:

The version of Adobe Acrobat installed on the remote host is a version
prior to 10.1.12 / 11.0.09. It is, therefore, affected by the
following vulnerabilities :

- A use-after-free error exists that allows arbitrary code
execution. (CVE-2014-0560)

- A heap-based buffer overflow exists that allows
arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

- A memory corruption error exists that allows denial of
service attacks. (CVE-2014-0563)

- Memory corruption errors exist that could allow
arbitrary code execution. (CVE-2014-0565, CVE-2014-0566)

- An unspecified error exists that allows the bypassing
of the sandbox security restrictions. (CVE-2014-0568)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://helpx.adobe.com/security/products/reader/apsb14-20.html

Solution :

Upgrade to Adobe Acrobat 10.1.12 / 11.0.09 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The remote host is running a version 8.1.4.x of IBM Rational License
Key Server Administration and Reporting Tool (RLKS) that is prior to
8.1.4.4. It is, therefore, affected by multiple vulnerabilities :

- The secure flag for session cookies is not properly set
when in SSL mode. An attacker can exploit this
vulnerability to capture sensitive information from a
cookie by intercepting its transmission. (CVE-2014-0909)

- An information disclosure vulnerability exists that
allows an attacker to gain access to license usage data
by using a specially crafted SPARQL query.
(CVE-2014-3079)

- An unspecified vulnerability exists that is related to
user session cookies, which an attacker can exploit to
impersonate a legitimate user. (CVE-2014-4756)

See also :

http://www.ibm.com/support/docview.wss?uid=swg21681449

Solution :

Upgrade to Rational License Key Server Fix Pack 4 (8.1.4.4) or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

IBM Rational License Key Server Administration and Reporting Tool Default Credentials


Synopsis:

The remote host is running a web application with a default set of
known login credentials.

Description:

Nessus was able to log in to the remote web interface for the IBM
Rational License Key Server Administration and Reporting Tool using a
default set of known credentials.

See also :

http://www.nessus.org/u?76a417b4

Solution :

Change the password for the default login.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

IBM Rational License Key Server Administration and Reporting Tool Detection


Synopsis:

The remote host is running the web interface for a license key server.

Description:

Nessus detected the web interface for the IBM Rational License Key
Server Administration and Reporting Tool.

See also :

http://www.nessus.org/u?9348f61e

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Webmin < 1.690 Multiple XSS


Synopsis:

The remote web server is affected by multiple cross-site scripting
vulnerabilities.

Description:

According to its self-reported version, the Webmin install hosted on
the remote host is prior to version 1.690. It is, therefore, affected
by multiple cross-site scripting vulnerabilities :

- The application is affected by multiple unspecified
cross-site scripting vulnerabilities. (CVE-2014-3885)

- The application is affected by a cross-site scripting
vulnerability when 'referrer checking' is disabled.
(CVE-2014-3886)

- The application is affected by multiple cross-site
scripting vulnerabilities related to popup windows.
(CVE-2014-3924)

See also :

http://jvn.jp/en/jp/JVN49974594/index.html
http://jvn.jp/en/jp/JVN02213197/index.html
http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3924.html
http://www.webmin.com/changes.html

Solution :

Upgrade to Webmin 1.690 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Usermin < 1.600 Multiple Vulnerabilities


Synopsis:

The remote web server is affected by multiple vulnerabilities.

Description:

According to its self-reported version number, the Usermin install
hosted on the remote web server is prior to 1.600. It is, therefore,
affected by the following vulnerabilities :

- An unspecified remote command execution vulnerability.
(CVE-2014-3883)

- Multiple cross-site scripting (XSS) vulnerabilities.
(CVE-2014-3924).

See also :

http://jvn.jp/en/jp/JVN92737498/index.html
http://www.webmin.com/uchanges.html

Solution :

Upgrade to Usermin 1.600 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Usermin Null Byte Filtering Information Disclosure


Synopsis:

The remote web server is affected by an information disclosure
vulnerability.

Description:

The version of Usermin installed on the remote host is affected by an
information disclosure vulnerability due to the Perl script
'miniserv.pl' failing to properly filter null characters from URLs. An
attacker could exploit this to reveal the source code of CGI scripts,
obtain directory listings, or launch cross-site scripting attacks
against the affected application.

See also :

http://www.webmin.com/security.html

Solution :

Upgrade to Usermin 1.226 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Usermin 'miniserv.pl' Arbitrary File Disclosure


Synopsis:

The remote web server is affected by an information disclosure flaw.

Description:

The Usermin install on the remote host is affected by an information
disclosure flaw in the Perl script 'miniserv.pl'. This flaw could
allow a remote, unauthenticated attacker to read arbitrary files on
the affected host, subject to the privileges of the web server user
id.

See also :

http://www.webmin.com/uchanges.html

Solution :

Upgrade to Usermin 1.220 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Usermin Detection


Synopsis:

A webmail administration application is running on the remote host.

Description:

The remote web server is running Usermin, a webmail administration
application with a web-based interface.

See also :

http://www.webmin.com/usermin.html

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)


Synopsis:

The remote web server hosts a PHP application that is affected by
cross-site scripting and cross-site request forgery vulnerabilities.

Description:

According to its self-reported version number, the phpMyAdmin
application hosted on the remote web server is 4.0.x prior to
4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. It is,
therefore, affected by an input-validation error related to the 'micro
history' feature that could allow a DOM-based cross-site scripting
attack that could further lead to cross-site request forgery attacks.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
http://www.nessus.org/u?8ef26e90

Solution :

Upgrade to phpMyAdmin 4.0.10.3 / 4.1.14.4 / 4.2.8.1 or later, or apply
the patches from the referenced links.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : curl vulnerabilities (USN-2346-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Tim Ruehsen discovered that curl incorrectly handled partial literal
IP addresses. This could lead to the disclosure of cookies to the
wrong site, and malicious sites being able to set cookies for others.
(CVE-2014-3613)

Tim Ruehsen discovered that curl incorrectly allowed cookies to be set
for Top Level Domains (TLDs). This could allow a malicious site to set
a cookie that gets sent to other sites. (CVE-2014-3620).

Solution :

Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss
packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : axis on SL5.x, SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

It was discovered that Axis incorrectly extracted the host name from
an X.509 certificate subject's Common Name (CN) field. A
man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2014-3596)

Applications using Apache Axis must be restarted for this update to
take effect.

See also :

http://www.nessus.org/u?2a91b707

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : nss and nspr (RHSA-2014:1246)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated nss and nspr packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red
Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications.

A flaw was found in the way TLS False Start was implemented in NSS. An
attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to
crash an application using NSS or, in rare cases, execute arbitrary
code with the privileges of the user running that application.
(CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or,
possibly, execute arbitrary code with the privileges of the user
running that application. This NSPR flaw was not exposed to web
content in any shipped version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain
Names in Applications (IDNA) hostname matching in NSS did not follow
the RFC 6125 recommendations. This could lead to certain invalid
certificates with international characters being accepted as valid.
(CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream
acknowledges Brian Smith as the original reporter of CVE-2014-1490,
Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original
reporters of CVE-2014-1491, and Abhishek Arya as the original reporter
of CVE-2014-1545.

The nss and nspr packages have been upgraded to upstream version
3.16.1 and 4.10.6 respectively, which provide a number of bug fixes
and enhancements over the previous versions. (BZ#1110857, BZ#1110860)

This update also fixes the following bugs :

* Previously, when the output.log file was not present on the system,
the shell in the Network Security Services (NSS) specification handled
test failures incorrectly as false positive test results.
Consequently, certain utilities, such as 'grep', could not handle
failures properly. This update improves error detection in the
specification file, and 'grep' and other utilities now handle missing
files or crashes as intended. (BZ#1035281)

* Prior to this update, a subordinate Certificate Authority (CA) of
the ANSSI agency incorrectly issued an intermediate certificate
installed on a network monitoring device. As a consequence, the
monitoring device was enabled to act as an MITM (Man in the Middle)
proxy performing traffic management of domain names or IP addresses
that the certificate holder did not own or control. The trust in the
intermediate certificate to issue the certificate for an MITM device
has been revoked, and such a device can no longer be used for MITM
attacks. (BZ#1042684)

* Due to a regression, MD5 certificates were rejected by default
because Network Security Services (NSS) did not trust MD5
certificates. With this update, MD5 certificates are supported in Red
Hat Enterprise Linux 5. (BZ#11015864)

Users of nss and nspr are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-1740.html
https://www.redhat.com/security/data/cve/CVE-2014-1490.html
https://www.redhat.com/security/data/cve/CVE-2014-1491.html
https://www.redhat.com/security/data/cve/CVE-2014-1492.html
https://www.redhat.com/security/data/cve/CVE-2014-1545.html
http://rhn.redhat.com/errata/RHSA-2014-1246.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : krb5 (RHSA-2014:1245)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated krb5 packages that fix multiple security issues and two bugs
are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Kerberos is an authentication system which allows clients and services
to authenticate to each other with the help of a trusted third party,
a Kerberos Key Distribution Center (KDC).

It was found that if a KDC served multiple realms, certain requests
could cause the setup_server_realm() function to dereference a NULL
pointer. A remote, unauthenticated attacker could use this flaw to
crash the KDC using a specially crafted request. (CVE-2013-1418,
CVE-2013-6800)

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker
could use this flaw to crash a GSSAPI-enabled server application.
(CVE-2014-4344)

A buffer over-read flaw was found in the way MIT Kerberos handled
certain requests. A man-in-the-middle attacker with a valid Kerberos
ticket who is able to inject packets into a client or server
application's GSSAPI session could use this flaw to crash the
application. (CVE-2014-4341)

This update also fixes the following bugs :

* Prior to this update, the libkrb5 library occasionally attempted to
free already freed memory when encrypting credentials. As a
consequence, the calling process terminated unexpectedly with a
segmentation fault. With this update, libkrb5 frees memory correctly,
which allows the credentials to be encrypted appropriately and thus
prevents the mentioned crash. (BZ#1004632)

* Previously, when the krb5 client library was waiting for a response
from a server, the timeout variable in certain cases became a negative
number. Consequently, the client could enter a loop while checking for
responses. With this update, the client logic has been modified and
the described error no longer occurs. (BZ#1089732)

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing
the updated packages, the krb5kdc daemon will be restarted
automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-1418.html
https://www.redhat.com/security/data/cve/CVE-2013-6800.html
https://www.redhat.com/security/data/cve/CVE-2014-4341.html
https://www.redhat.com/security/data/cve/CVE-2014-4344.html
http://rhn.redhat.com/errata/RHSA-2014-1245.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : bind97 (RHSA-2014:1244)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated bind97 packages that fix one security issue and one bug are
now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. It contains a DNS server (named),
a resolver library with routines for applications to use when
interfacing with DNS, and tools for verifying that the DNS server is
operating correctly. These packages contain version 9.7 of the BIND
suite.

A denial of service flaw was found in the way BIND handled queries for
NSEC3-signed zones. A remote attacker could use this flaw against an
authoritative name server that served NSEC3-signed zones by sending a
specially crafted query, which, when processed, would cause named to
crash. (CVE-2014-0591)

Note: The CVE-2014-0591 issue does not directly affect the version of
bind97 shipped in Red Hat Enterprise Linux 5. This issue is being
addressed however to assure it is not introduced in future builds of
bind97 (possibly built with a different compiler or C library
optimization).

This update also fixes the following bug :

* Previously, the bind97 initscript did not check for the existence of
the ROOTDIR variable when shutting down the named daemon. As a
consequence, some parts of the file system that are mounted when using
bind97 in a chroot environment were unmounted on daemon shut down,
even if bind97 was not running in a chroot environment. With this
update, the initscript has been fixed to check for the existence of
the ROOTDIR variable when unmounting some parts of the file system on
named daemon shut down. Now, when shutting down bind97 that is not
running in a chroot environment, no parts of the file system are
unmounted. (BZ#1059118)

All bind97 users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing the update, the BIND daemon (named) will be restarted
automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0591.html
http://rhn.redhat.com/errata/RHSA-2014-1244.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : automake (RHSA-2014:1243)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated automake package that fixes one security issue is now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

Automake is a tool for automatically generating Makefile.in files
compliant with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles
made a directory world-writable when preparing source archives. If a
malicious, local user could access this directory, they could execute
arbitrary code with the privileges of the user running 'make
distcheck'. (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue.
Upstream acknowledges Stefano Lattarini as the original reporter.

All automake users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-3386.html
http://rhn.redhat.com/errata/RHSA-2014-1243.html

Solution :

Update the affected automake package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : axis (RHSA-2014:1193)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated axis packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Axis is an implementation of SOAP (Simple Object Access
Protocol). It can be used to build both web service clients and
servers.

It was discovered that Axis incorrectly extracted the host name from
an X.509 certificate subject's Common Name (CN) field. A
man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2014-3596)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.

All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using
Apache Axis must be restarted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3596.html
https://access.redhat.com/solutions/1164433
http://rhn.redhat.com/errata/RHSA-2014-1193.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Linux 5 / 6 : axis (ELSA-2014-1193)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2014:1193 :

Updated axis packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Axis is an implementation of SOAP (Simple Object Access
Protocol). It can be used to build both web service clients and
servers.

It was discovered that Axis incorrectly extracted the host name from
an X.509 certificate subject's Common Name (CN) field. A
man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2014-3596)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.

All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using
Apache Axis must be restarted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-September/004438.html
https://oss.oracle.com/pipermail/el-errata/2014-September/004440.html

Solution :

Update the affected axis packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

openSUSE Security Update : LibreOffice (openSUSE-SU-2014:1126-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update fixes a memory corruption vulnerability in DOCM import and
data exposure using crafted OLE objects.

See also :

http://lists.opensuse.org/opensuse-updates/2014-09/msg00020.html
https://bugzilla.novell.com/show_bug.cgi?id=831578
https://bugzilla.novell.com/show_bug.cgi?id=893141

Solution :

Update the affected LibreOffice packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

CentOS 5 / 6 : axis (CESA-2014:1193)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated axis packages that fix one security issue are now available
for Red Hat Enterprise Linux 5 and 6.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Axis is an implementation of SOAP (Simple Object Access
Protocol). It can be used to build both web service clients and
servers.

It was discovered that Axis incorrectly extracted the host name from
an X.509 certificate subject's Common Name (CN) field. A
man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2014-3596)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.

All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using
Apache Axis must be restarted for this update to take effect.

See also :

http://www.nessus.org/u?6c606f63
http://www.nessus.org/u?09a7576d

Solution :

Update the affected axis packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Junos Pulse Secure Access IVE OS Clickjacking (JSA10647)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the version of IVE running on
the remote host is affected by a clickjacking vulnerability.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647

Solution :

Upgrade to Juniper Junos IVE OS version 7.1r18 / 7.4r5 / 8.0r1 or
later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Junos Pulse Secure Access IVE OS XSS (JSA10646)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the version of IVE running on
the remote host is affected by a cross-site scripting vulnerability
due to incorrect user input validation on the SSL VPN web server. Note
that this issue exists within a web page that is only accessible by an
authenticated user session.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646

Solution :

Upgrade to Juniper Junos IVE OS version 7.1r20 / 7.4r13 / 8.0r6 or
later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.