Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access

Medium severity, Nessus Plugin ID 34443

Synopsis

The remote web server contains a PHP application that is prone to directory traversal attacks.

Description

The version of Tenable Security Center installed on the remote host appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a user who is logged in to Security Center to obtain system files.

Solution

Upgrade to Security Center 3.4.2.1 or later.

See Also

https://www.tenable.com/media/in-the-news?id=174

Plugin Details

Severity: Medium

ID: 34443

File Name: sc3_4_2_1.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 10/17/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/PHP

Exploit Ease: No exploit is required

Reference Information

CVE: CVE-2008-4367