Security Center < 3.4 Multiple Unspecified Traversals

Medium Nessus Network Monitor Plugin ID 4714

Synopsis

The remote web server contains a PHP application that is prone to directory traversal attacks.

Description

The version of Tenable Security Center installed on the remote host appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a user who was logged into the Security Center to obtain system files.

Solution

Upgrade to version 3.4.2.1 or higher.

See Also

http://www.tenablesecurity.com/news/rssview.php?id=174

Plugin Details

Severity: Medium

ID: 4714

Family: Web Servers

Published: 2008/10/21

Modified: 2016/01/30

Dependencies: 1442

Nessus ID: 34443

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:U/RL:O/RC:C