Gallery < 2.0.3 IP Spoofing

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP application that is affected by
an IP spoofing issue.

Description :

The version of Gallery hosted on the remote web server allows an
attacker to spoof the IP address with a bogus 'X_FORWARDED_FOR' HTTP
header.

In addition, an authenticated attacker can reportedly leverage this
flaw to launch cross-site scripting attacks by adding comments to a
photo. The application also reportedly fails to validate a session
id before using it, which can be used to delete arbitrary files on
the remote host subject to the privileges of the web server user id.
However, Nessus has not tested for these additional issues.
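
The trust decision behind this issue, shown as an added example (not Gallery's code and not part of the plugin): a resolver that believes the forwarding header, beside one that honors it only from known proxies and returns only validated IP literals. The function names, the `$trustedProxies` list and the sample requests are hypothetical; the addresses are documentation ranges.

```php
<?php
// Added illustration with hypothetical helpers; this is not Gallery's source.
// PHP exposes the X-Forwarded-For request header as HTTP_X_FORWARDED_FOR.

// Weak pattern: any client can send this header, so the "address" is client-chosen text.
function client_ip_weak(array $server): string {
    return $server['HTTP_X_FORWARDED_FOR'] ?? ($server['REMOTE_ADDR'] ?? '');
}

// Hardened pattern: the header counts only when the TCP peer is a proxy we operate,
// and every value returned has been validated as an IP literal, so it is safe to
// log, compare against rules, or store beside a comment.
function client_ip_hardened(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // no usable peer address
    }
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: ignore forwarding headers entirely
    }
    // Walk the chain right to left: entries appended by our own proxies come last,
    // so the first untrusted entry from the right is the client they actually saw.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop and keep the last address we could verify
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
        $peer = $hop; // another of our proxies; keep walking left
    }
    return $peer;
}

// Constructed requests: a direct client sending a bogus header, then a request
// relayed by our proxy whose header also carries a client-supplied first entry.
$trusted = ['192.0.2.10'];
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '<b>not an address</b>'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10',  'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.23'];
foreach ([$direct, $proxied] as $req) {
    printf("weak=%s hardened=%s\n", client_ip_weak($req), client_ip_hardened($req, $trusted));
}
```

The proxy list is matched as exact strings here, so IPv6 proxy addresses would need to be normalized before comparison.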

See also :

http://www.nessus.org/u?3548c5a5
http://www.securityfocus.com/archive/1/426655/30/0/threaded
http://galleryproject.org/gallery_2.0.3_released

Solution :

Upgrade to Gallery 2.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 21017 (gallery_203.nasl)

Bugtraq ID: 16940

CVE ID: CVE-2006-1126