Adobe Flex SDK Cross-Site Scripting (APSB11-25)

medium Nessus Plugin ID 56992

Synopsis

The remote web server hosts one or more .swf files affected by a cross-site scripting vulnerability.

Description

The remote host is hosting one or more Flash applets (.swf files) that use the Flex SDK. Flex is an SDK developed by Adobe that is used to create rich web applications.

The .swf files stored on the remote host have been compiled with an older version of the Flex compiler and may therefore be affected by a cross-site scripting vulnerability.

Solution

Either recompile the remote applications with a newer version of the Flex SDK or use the SWF-patching tool Adobe provides.

See Also

https://www.adobe.com/support/security/bulletins/apsb11-25.html

Plugin Details

Severity: Medium

ID: 56992

File Name: flex_xss_vuln.nbin

Version: 1.69

Type: remote

Published: 12/1/2011

Updated: 4/20/2021

Dependencies: http_version.nasl, webmirror.nasl

Risk Information

Risk Factor: Medium

VPR Score: 3

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.6

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flex_sdk

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/30/2011

Vulnerability Publication Date: 11/30/2011

Reference Information

CVE: CVE-2011-2461

BID: 50869