Beanstalkd < 1.4.6 Remote Beanstalkd Command Injection

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that may allow modification of
data via a restricted set of commands.

Description :

The installed version of Beanstalkd allows injection of Beanstalk

A malicious producer process or client could exploit this issue to
inject arbitrary beanstalkd commands via the 'PUT' command to view
status of existing jobs or delete jobs from the Beanstalkd queue
without co-operation from the consumer process or the client.

See also :

Solution :

Upgrade to version 1.4.6 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 46884 (beanstalkd_remote_beanstalk_cmd_inject.nasl)

Bugtraq ID: 40516

CVE ID: CVE-2010-2060

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now