Tenable Nessus < 7.1.0 Multiple Vulnerabilities (TNS-2018-05)
Medium Nessus Plugin ID 110096
Synopsis
Tenable Nessus running on the remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.1.0. It is, therefore, affected by multiple vulnerabilities:
- Tenable Nessus contains a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not properly sanitize input supplied in a specially crafted .nessus file before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2018-1147)
- Tenable Nessus contains a flaw that allows a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked. (CVE-2018-1148)
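The session fixation item above comes down to whether the identifier is replaced at authentication. The following is an added example, not Tenable's code: a hypothetical in-memory `SessionStore` with an assumed `rotate_on_login` switch shows the flawed and the corrected behaviour side by side, and `pre_login_id_survives` is a regression check a developer could run against their own session layer.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session table (hypothetical, illustrative)."""

    def __init__(self, rotate_on_login=True):
        self.rotate_on_login = rotate_on_login
        self._sessions = {}  # session id -> {"user": name or None}

    def start(self, presented_sid=None):
        """Return the session id for a request, creating one if needed.

        An id the server never issued is discarded, never adopted.
        """
        if presented_sid in self._sessions:
            return presented_sid
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Bind a user to the session; return the id the client must use next."""
        if sid not in self._sessions:
            raise KeyError("unknown session")
        if self.rotate_on_login:
            # Invalidate the pre-authentication id and assign a new one.
            del self._sessions[sid]
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = {"user": None}
        self._sessions[sid]["user"] = user
        return sid

    def user_for(self, sid):
        """Return the authenticated user for an id, or None."""
        session = self._sessions.get(sid)
        return session["user"] if session else None


def pre_login_id_survives(store):
    """True if an id known before login is still authenticated after login."""
    known_sid = store.start()        # id that existed before authentication
    store.login(known_sid, "alice")  # constructed user name
    return store.user_for(known_sid) == "alice"
```

With `rotate_on_login=False` the check returns True, which is the condition the advisory describes; with rotation enabled the pre-login identifier is dead after authentication.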
Solution
Upgrade to Tenable Nessus version 7.1.0 or later.