Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities
High Nessus Plugin ID 92465
SynopsisAn application running on the remote host is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities :
- A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input when handling malformed input documents. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718)
- A stored cross-site (XSS) scripting vulnerability exists that can be exploited by an authenticated, remote attacker that has user-level access to the Nessus user interface. (CVE-2016-1000028)
- Multiple stored cross-site (XSS) scripting vulnerabilities exist that can be exploited by an authenticated, remote attacker that has administrative-level access to the Nessus user interface. These issues would only affect other users with administrative access. (CVE-2016-1000029)
SolutionUpgrade to Tenable Nessus version 6.8 or later.