Tenable SecurityCenter 5.4.x <= 5.4.3 PHP Object Deserialization Remote File Deletion (TNS-2017-05)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by a PHP
object deserialization vulnerability.

Description :

According to its version, the installation of Tenable SecurityCenter
on the remote host is affected by a PHP object deserialization
vulnerability in the PluginParser.php script. An authenticated, remote
attacker can exploit this, by uploading a specially crafted PHP
object, to delete arbitrary files on the remote host.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

http://www.tenable.com/security/tns-2017-05

Solution :

Apply the appropriate patch referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)

Family: Misc.

Nessus Plugin ID: 97575

Bugtraq ID:

CVE ID:
