Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access

medium Nessus Plugin ID 34443

Synopsis

The remote web server contains a PHP application that is prone to directory traversal attacks.

Description

The version of Tenable Security Center installed on the remote host appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a user who was logged into the Security Center to obtain system files.

Solution

Upgrade to Security Center 3.4.2.1 or later.

See Also

https://www.tenable.com/media/in-the-news?id=174

Plugin Details

Severity: Medium

ID: 34443

File Name: sc3_4_2_1.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 10/17/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/PHP

Exploit Ease: No exploit is required

Reference Information

CVE: CVE-2008-4367