FreeBSD : Pubcookie Login Server -- XSS vulnerability (115a1389-858e-11e0-a76c-000743057ca2)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Nathan Dors, Pubcookie Project reports :

A new non-persistent XSS vulnerability was found in the Pubcookie
login server's compiled binary 'index.cgi' CGI program. The CGI
program mishandles untrusted data when printing responses to the
browser. This makes the program vulnerable to carefully crafted
requests containing script or HTML. If an attacker can lure an
unsuspecting user to visit carefully staged content, the attacker can
use it to redirect the user to his or her local Pubcookie login page
and attempt to exploit the XSS vulnerability.

See also :

http://pubcookie.org/news/20070606-login-secadv.html
http://www.nessus.org/u?8e6ec0c9

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 54619

Bugtraq ID:

CVE ID:
