FreeBSD : activemq -- Web Console XSS (a6cc5753-f29e-11e5-b4a9-ac220bdcec59)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Vladimir Ivanov (Positive Technologies) reports :

Several instances of cross-site scripting vulnerabilities were
identified to be present in the web-based administration console as
well as the ability to trigger a Java memory dump into an arbitrary
folder. The root cause of these issues is improper user data output
validation and incorrect permissions configured on Jolokia.

See also :

http://www.nessus.org/u?41dd5ff8
http://www.nessus.org/u?4ed2ffc2

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90236

Bugtraq ID:

CVE ID: CVE-2016-0782
