FreeBSD : foreman-proxy SSL verification issue (c30c3a2e-4fb1-11e4-b275-14dae9d210b8)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Foreman Security reports :

The smart proxy when running in an SSL-secured mode permits incoming
API calls to any endpoint without requiring, or performing any
verification of an SSL client certificate. This permits any client
with access to the API to make requests and perform actions (permitting
control of Puppet CA, DHCP, DNS etc.)

See also :

https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U
http://www.nessus.org/u?18f5dcb8

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 78114

CVE ID: CVE-2014-3691
