4 matches found
KLA10269 OSI vulnerability in Nessus
An unspecified vulnerability was found in Nessus. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely at a point related to Web UI. Original advisories - Related products Nessus CVE list CVE-2014-4980 warning Solution...
CVE-2014-4980
The CVE-2014-4980 entry affects Tenable Nessus/Web UI, specifically Nessus versions 5.2.3–5.2.7. The issue is an information-disclosure vulnerability in the Web UI: the /server/properties endpoint can disclose sensitive data via the token parameter due to insufficient parameter checking. Reported...
CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure
Product: Nessus Vendor: Tenable Network Security? Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...
Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass
Product: Nessus Vendor: Tenable Network Security Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...