Security Center < 3.4 Multiple Unspecified Traversals

medium Nessus Network Monitor Plugin ID 4714

Synopsis

The remote web server contains a PHP application that is prone to directory traversal attacks.

Description

The version of Tenable Security Center installed on the remote host appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a user who is logged in to the Security Center to obtain system files.

Solution

Upgrade to version 3.4.2.1 or higher.

See Also

http://www.tenablesecurity.com/news/rssview.php?id=174

Plugin Details

Severity: Medium

ID: 4714

Family: Web Servers

Published: 10/21/2008

Updated: 3/6/2019

Nessus ID: 34443

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-4367