FreeBSD : joomla -- multiple vulnerabilities (a9f60ce8-a4e0-11e5-b864-14dae9d210b8)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The JSST and the Joomla! Security Center report :

[20151201] - Core - Remote Code Execution Vulnerability
Browser information is not filtered properly while saving the session
values into the database which leads to a Remote Code Execution
vulnerability.

[20151202] - Core - CSRF Hardening
Add additional CSRF hardening in com_templates.

[20151203] - Core - Directory Traversal
Failure to properly sanitize input data from the XML install file
located within an extension's package archive allows for directory
traversal.

[20151204] - Core - Directory Traversal
Inadequate filtering of request data leads to a Directory Traversal
vulnerability.

See also :

http://www.nessus.org/u?b06a8fbc
http://www.nessus.org/u?bec8944e
http://www.nessus.org/u?08e45224
http://www.nessus.org/u?c674f363
http://www.nessus.org/u?4c388902
http://www.nessus.org/u?115dae7b

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87483

Bugtraq ID:

CVE ID: CVE-2015-8562
CVE-2015-8563
CVE-2015-8564
CVE-2015-8565
