Oracle Solaris Third-Party Patch Update : keystone (cve_2014_3621_information_disclosure)
Medium Nessus Plugin ID 80659
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by '$(admin_token)' in the publicurl endpoint field. (CVE-2014-3621)
SolutionUpgrade to Solaris 22.214.171.124.1.