This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Kyle Kelley reports :
Summary: POST requests exposed via the IPython REST API are vulnerable
to cross-site request forgery (CSRF). Web pages on different domains
can make non-AJAX POST requests to known IPython URLs, and IPython
will honor them. The user's browser will automatically send IPython
cookies along with the requests. The response is blocked by the
Same-Origin Policy, but the request isn't.
API paths with issues :
- POST /api/contents/<path>/<file>
- POST /api/contents/<path>/<file>/checkpoints
- POST /api/contents/<path>/<file>/checkpoints/<checkpoint_id>
- POST /api/kernels
- POST /api/kernels/<kernel_id>/<action>
- POST /api/sessions
- POST /api/clusters/<cluster_id>/<action>
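A server-side same-origin check of the kind that rejects the cross-domain form POSTs described in the report, shown as an added example. It is not IPython's code or the fix shipped in the update; the function name `is_request_allowed`, the fail-closed policy and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Path prefixes taken from the advisory's list of affected endpoints.
PROTECTED_PREFIXES = ("/api/contents", "/api/kernels",
                      "/api/sessions", "/api/clusters")
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _netloc(url):
    """Return the lower-cased host[:port] of a URL, or None if it has none."""
    return urlsplit(url).netloc.lower() or None


def is_request_allowed(method, path, headers):
    """Hypothetical gate: allow a state-changing API request only when the
    browser-supplied Origin (or, failing that, Referer) matches Host."""
    if method.upper() in SAFE_METHODS or not path.startswith(PROTECTED_PREFIXES):
        return True
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "").lower()
    source = h.get("origin") or h.get("referer")
    if not host or source is None:
        # Fail closed (assumption): a client that sends neither header
        # would have to authenticate with a token instead of cookies.
        return False
    # "Origin: null" and userinfo tricks such as http://host@other/ do not
    # produce a netloc equal to Host, so they are rejected here as well.
    return _netloc(source) == host


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/api/kernels", {"Host": "localhost:8888",
                              "Origin": "http://localhost:8888"}),
    ("POST", "/api/kernels", {"Host": "localhost:8888",
                              "Origin": "http://other.example"}),
    ("POST", "/api/sessions", {"Host": "localhost:8888",
                               "Referer": "http://localhost:8888/tree"}),
    ("POST", "/api/sessions", {"Host": "localhost:8888"}),
    ("POST", "/api/contents/a/b.ipynb", {"Host": "localhost:8888",
                                         "Origin": "null"}),
]

if __name__ == "__main__":
    for method, path, hdrs in SAMPLES:
        verdict = "allow" if is_request_allowed(method, path, hdrs) else "deny"
        print(verdict, method, path, hdrs.get("Origin") or hdrs.get("Referer"))
```

Cookies still accompany the cross-site request; the check works because the browser, not the page, sets `Origin` and `Referer`.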
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 6.8