FreeBSD : rt -- Session fixation vulnerability (714c1406-e4cf-11de-883a-003048590f9e)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

A vulnerability has been reported in RT, which can be exploited by
malicious people to conduct session fixation attacks. The
vulnerability is caused due to an error in the handling of sessions
and can be exploited to hijack another user's session by tricking the
user into logging in after following a specially crafted link.

See also :

http://www.nessus.org/u?0a90ab91

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 43094 (freebsd_pkg_714c1406e4cf11de883a003048590f9e.nasl)

Bugtraq ID: 37162

CVE ID: CVE-2009-3585
