Skip to main content

Tenable Nessus Web UI Information Disclosure Vulnerability

Last Update Date: 23 Jul 2014 Release Date: 22 Jul 2014 4094 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability was identified in Tenable Nessus. A remote user can obtain potentially sensitive information.

A remote user can send a specially crafted request to the '/server/properties' URL to obtain potentially sensitive information without authenticating.


Impact

  • Information Disclosure

System / Technologies affected

  • Versions 5.2.3 - 5.2.7 (Web UI 2.3.4)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (Web UI 2.3.5).

Vulnerability Identifier


Source


Related Link