FreeBSD : coppermine -- Multiple vulnerabilities (6dd5e45c-f084-11e1-8d0f-406186f3d89d)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Coppermine Team reports :

The release covers several path disclosure vulnerabilities. If
unpatched, it's possible to generate an error that will reveal the
full path of the script. A remote user can determine the full path to
the web root directory and other potentially sensitive information.
Furthermore, the release covers a recently discovered XSS
vulnerability that allows (if unpatched) a malevolent visitor to
include own script routines under certain conditions.

See also :

http://seclists.org/oss-sec/2012/q2/11
http://forum.coppermine-gallery.net/index.php/topic,74682.0.html
http://www.nessus.org/u?a16c3be9

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61743 ()

Bugtraq ID:

CVE ID: CVE-2012-1613
CVE-2012-1614

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now