Vulnerability Description
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenable | Nessus | 5.2.3 |
| Tenable | Web Ui | <= 2.3.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-TampeExploit
- http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/
- http://www.osvdb.org/109376
- http://www.securityfocus.com/archive/1/532839/100/0/threaded
- http://www.securityfocus.com/bid/68782
- http://www.securitytracker.com/id/1030614
- http://www.tenable.com/security/tns-2014-05Vendor Advisory
- http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-TampeExploit
- http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/
- http://www.osvdb.org/109376
- http://www.securityfocus.com/archive/1/532839/100/0/threaded
- http://www.securityfocus.com/bid/68782
- http://www.securitytracker.com/id/1030614
- http://www.tenable.com/security/tns-2014-05Vendor Advisory
FAQ
What is CVE-2014-4980?
CVE-2014-4980 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
How severe is CVE-2014-4980?
CVE-2014-4980 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4980?
Check the references section above for vendor advisories and patch information. Affected products include: Tenable Nessus, Tenable Web Ui.