FreeBSD : Zend Framework -- Local File Inclusion vulnerability in Zend_View::render() (cf495fd4-fdcd-11dd-9a86-0050568452ac)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthew Weier O'Phinney reports :

A potential Local File Inclusion (LFI) vulnerability exists in the
Zend_View::render() method. If user input is used to specify the
script path, then it is possible to trigger the LFI.

Note that Zend Framework applications that never call the
Zend_View::render() method with a user-supplied parameter are not
affected by this vulnerability.

See also :

http://framework.zend.com/issues/browse/ZF-5748
http://www.nessus.org/u?b389a738

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35714 (freebsd_pkg_cf495fd4fdcd11dd9a860050568452ac.nasl)

Bugtraq ID:

CVE ID:
