FreeBSD : Axis2 -- XSS (XSS) vulnerability (0baadc45-92d0-11e6-8011-005056925db4)

medium Nessus Plugin ID 94126

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Apache Axis2 reports :

Apache Axis2 1.7.3 is a security release that contains a fix for CVE-2010-3981. That security vulnerability affects the admin console that is part of the Axis2 Web application and was originally reported for SAP BusinessObjects (which includes a version of Axis2). That report didn't mention Axis2 at all and the Axis2 project only recently became aware (thanks to Devesh Bhatt and Nishant Agarwala) that the issue affects Apache Axis2 as well.

Solution

Update the affected package.

See Also

http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213546

http://www.nessus.org/u?b56709cd

Plugin Details

Severity: Medium

ID: 94126

File Name: freebsd_pkg_0baadc4592d011e68011005056925db4.nasl

Version: 2.3

Type: local

Published: 10/19/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:axis2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/18/2016

Vulnerability Publication Date: 10/18/2010

Reference Information

CVE: CVE-2010-3981