FreeBSD : py-amf -- input sanitization errors (1fbd6db1-a4e4-11e5-b864-14dae9d210b8)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

oCERT reports :

A specially crafted AMF payload, containing malicious references to
XML external entities, can be used to trigger Denial of Service (DoS)
conditions or arbitrarily return the contents of files that are
accessible with the running application privileges.

See also :

http://www.ocert.org/advisories/ocert-2015-011.html
http://www.nessus.org/u?85a1bf42

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87480 ()

Bugtraq ID:

CVE ID: CVE-2015-8549

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now