This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A Bugzilla Security Advisory reports :
- It is possible to inject raw SQL into the Bugzilla database via the
'Bug.create' and 'Bug.search' WebService functions.
- When a user would change his password, his new password would be
exposed in the URL field of the browser if he logged in right after
changing his password.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 41007 (freebsd_pkg_b9ec7fe3a38a11de9c6b003048818f40.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now