Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass

🗓️ 21 Jul 2014 00:00:00Reported by Robert GilbertType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 52 Views

A vulnerability in Nessus 5.2.7 allows remote retrieval of sensitive information via web UI and bypasses authentication

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2014-4980
23 Jul 201414:00
cve
Cvelist		CVE-2014-4980
23 Jul 201414:00
cvelist
EUVD		EUVD-2014-4895
7 Oct 202500:30
euvd
Kaspersky		KLA10269 OSI vulnerability in Nessus
21 Aug 201400:00
kaspersky
NVD		CVE-2014-4980
23 Jul 201414:55
nvd
OpenVAS		Tenable Nessus Web UI Information Disclosure Vulnerability
8 Aug 201400:00
openvas
Prion		Code injection
23 Jul 201414:55
prion
securityvulns		CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure
22 Jul 201400:00
securityvulns
securityvulns		Nessus Web UI information leakage
22 Jul 201400:00
securityvulns
`Product: Nessus  
Vendor: Tenable Network Security‎  
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)  
Vendor Notified Date: June 24, 2014  
Vendor Resolved Date: June 25, 2014  
Release Date: July 18, 2014  
Risk: Medium  
Authentication: Not Required  
Remote: Yes  
  
Description:  
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to retrieve potentially sensitive information from the server via the Nessus Web UI. By not checking each parameter, an attacker can retrieve information meant for authenticated users.  
Successful exploitation of this vulnerability resulted in retrieving the following data without authentication, which can assist an attacker to launching further attacks:  
Plugin Set, Server uuid, Web Server Version, Nessus UI Version, Nessus Type, Notifications, MSP, Capabilities, Multi Scanner, Multi User, Tags, Reset Password, Report Diff, Report Email Config, Report Email, PCI Upload, Plugin Rules, Plugin Set, Idle Timeout, Scanner Boot time, Server Version, Feed, and Status.  
  
Exploit steps for proof-of-concept:  
1. Navigate to http://vulnerablehost.com/server/properties?token= and observe the returned content.  
2. Navigate to http://vulnerablehost.com/server/properties?token=1 and observe the newly returned content meant for authenticated sessions.  
  
Vendor Response: Fix was added to Web UI 2.3.5 on June 25, 2014.  
  
Reference:  
CVE-2014-4980  
http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/  
http://www.tenable.com/security/tns-2014-05  
  
Credit:  
Robert Gilbert  
HALOCK Security Labs  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jul 2014 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.00475
nessusparameter tamperingauthentication bypassremotevulnerabilityweb uisensitive informationcve-2014-4980halock security labs
52