This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20,
8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not
properly restrict access to files and URLs, which allows remote
authenticated users to modify data, obtain sensitive information, or
trigger outbound traffic to arbitrary external hosts by leveraging (1)
stylesheet commands that are permitted by the libxslt security options
or (2) an xslt_process feature, related to an XML External Entity (aka
See also :
Run 'yum update postgresql9' to update your system.
Risk factor :
Medium / CVSS Base Score : 4.9
Family: Amazon Linux Local Security Checks
Nessus Plugin ID: 69611 ()
CVE ID: CVE-2012-3488
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.