FreeBSD : mod_pubcookie -- XSS vulnerability (91afa94c-c452-11da-8bff-000ae42e9b93)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Nathan Dors of the Pubcookie Project reports :

Non-persistent XSS vulnerabilities were found in the Pubcookie Apache
module (mod_pubcookie) and ISAPI filter. These components mishandle
untrusted data when printing responses to the browser. This makes them
vulnerable to carefully crafted requests containing script or HTML. If
an attacker can lure an unsuspecting user to visit carefully staged
content, the attacker can use it to redirect the user to a vulnerable
Pubcookie application server and attempt to exploit the XSS
vulnerabilities.

These vulnerabilities are classified as *high* due to the nature and
purpose of Pubcookie application servers for user authentication and
Web Single Sign-on (SSO). An attacker who injects malicious script
through the vulnerabilities might steal private Pubcookie data
including a user's authentication assertion ('granting') cookies and
application session cookies.

See also :

http://www.nessus.org/u?1238ae3d

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21474 (freebsd_pkg_91afa94cc45211da8bff000ae42e9b93.nasl)

Bugtraq ID:

CVE ID:
