FreeBSD : zope -- XSS vulnerability (34414a1e-e377-11db-b8ab-000c76189c4c)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Zope Team reports :

A vulnerability has been discovered in Zope, where by certain types of
misuse of HTTP GET, an attacker could gain elevated privileges. All
Zope versions up to and including 2.10.2 are affected.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=111119
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
http://plone.org/products/plone/releases/2.5.3
http://www.nessus.org/u?cfb56039

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25015 (freebsd_pkg_34414a1ee37711dbb8ab000c76189c4c.nasl)

Bugtraq ID: 23084

CVE ID: CVE-2007-0240
