Oracle Solaris Third-Party Patch Update : transmission (cve_2012_4037_xss_vulnerability)

low Nessus Plugin ID 80796

Synopsis

The remote Solaris system is missing a security patch for third-party software.

Description

The remote Solaris system is missing the patches necessary to address the following security issue:

- Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file. (CVE-2012-4037)

Solution

Upgrade to Solaris 11.1.19.6.0.

See Also

http://www.nessus.org/u?4a913f44

http://www.nessus.org/u?4e49a49d

Plugin Details

Severity: Low

ID: 80796

File Name: solaris11_transmission_20140522.nasl

Version: 1.4

Type: local

Published: 1/19/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.1, p-cpe:/a:oracle:solaris:transmission

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release, Host/Solaris11/pkg-list

Patch Publication Date: 5/22/2014

Reference Information

CVE: CVE-2012-4037