FreeBSD : WebCalendar -- remote file inclusion vulnerability (60f8fe7b-3cfb-11da-baa2-0004614cc33d)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

WebCalendar has been proven vulnerable to remote file inclusion. The
send_reminders.php script does not properly validate the 'includedir'
parameter, allowing remote attackers to include local and remote
files. An attacker can use these included files to gain access to the
system.

See also :

http://www.nessus.org/u?4cbbfaad
http://www.nessus.org/u?dbde2bcf

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21436 (freebsd_pkg_60f8fe7b3cfb11dabaa20004614cc33d.nasl)

Bugtraq ID: 14651

CVE ID: CVE-2005-2717
