FreeBSD : devel/ipython -- CSRF possible remote execution vulnerability (81326883-2905-11e5-a4a5-002590263bf5)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Kyle Kelley reports :

Summary: POST requests exposed via the IPython REST API are vulnerable
to cross-site request forgery (CSRF). Web pages on different domains
can make non-AJAX POST requests to known IPython URLs, and IPython
will honor them. The user's browser will automatically send IPython
cookies along with the requests. The response is blocked by the
Same-Origin Policy, but the request isn't.

API paths with issues :

- POST /api/contents/<path>/<file>

- POST /api/contents/<path>/<file>/checkpoints

- POST /api/contents/<path>/<file>/checkpoints/<checkpoint_id>

- POST /api/kernels

- POST /api/kernels/<kernel_id>/<action>

- POST /api/sessions

- POST /api/clusters/<cluster_id>/<action>
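An added example, not code from the advisory or from IPython itself, showing the defender-side guard a cookie-authenticated POST endpoint needs against the class of request described above: the server compares the request's Origin (or Referer) with its own origin and additionally requires a per-session token that a page on another domain cannot read, because the Same-Origin Policy blocks it from seeing the response that would carry the token. The origin `http://localhost:8888`, the form field name `_xsrf`, and all function names are assumptions made for the example.

```python
# Added example (not IPython's own fix): a server-side CSRF guard for
# cookie-authenticated POST endpoints. It rejects requests whose
# Origin/Referer is not the server's own origin and requires a random
# per-session token that a cross-site page cannot obtain.
from urllib.parse import urlsplit
import hmac
import secrets

# Assumption: the notebook server's own origin.
ALLOWED_ORIGIN = "http://localhost:8888"


def _origin_of(headers):
    """Return scheme://host[:port] from Origin, else from Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def issue_token(session):
    """Create a random anti-CSRF token and bind it to the session dict."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def check_post(headers, session, form):
    """Decide whether a cookie-authenticated POST may proceed.

    headers: dict of request headers; session: dict tied to the cookie;
    form: dict of submitted fields. Returns (allowed, reason).
    """
    # 1. Origin check: a cross-site form POST carries the other site's
    #    origin (or none at all, in which case fall back to Referer).
    origin = _origin_of(headers)
    if origin is None:
        return False, "missing Origin/Referer"
    if origin != ALLOWED_ORIGIN:
        return False, f"cross-origin POST from {origin}"
    # 2. Token check: the cross-site page never saw the token, so it
    #    cannot include it. Constant-time compare avoids timing leaks.
    expected = session.get("csrf_token")
    supplied = form.get("_xsrf")  # assumption: field name used by the form
    if not expected or not supplied or not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    session = {}
    token = issue_token(session)
    # Constructed same-origin request: passes both checks.
    print(check_post({"Origin": ALLOWED_ORIGIN}, session, {"_xsrf": token}))
    # Constructed cross-site form POST: the browser still attaches the
    # cookie, but the Origin differs and no token is present.
    print(check_post({"Origin": "http://other.example",
                      "Referer": "http://other.example/page.html"},
                     session, {}))
```

The origin comparison alone already stops a plain cross-site form POST; the token is kept as a second, independent check so that a request with a stripped or spoofed Referer and no Origin header is still refused.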

See also :

http://seclists.org/oss-sec/2015/q3/92
http://ipython.org/ipython-doc/3/whatsnew/version3.html#ipython-3-2-1
http://www.nessus.org/u?5558d24d

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84707

Bugtraq ID:

CVE ID: CVE-2015-5607
