Tenable Appliance Web Authentication Bypass

high Nessus Plugin ID 58232

Synopsis

A web application running on the remote host has an authentication bypass vulnerability.

Description

The version of Tenable Appliance running on the remote host has an authentication bypass vulnerability.

A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface.

Solution

Upgrade to Tenable Appliance 2.0.1 or later.

If upgrading is not possible, obtain the relevant hotfix from the customer support portal and apply it to the appliance using the 'Update Appliance' section of the web interface's Administration page.

For version 1.0.3, use TenableApplianceHotfix_1.0.3.tar.gz.
For version 1.0.4 or 2.0.0, use TenableApplianceHotfix.tar.gz

Note that if a version of the appliance earlier than 1.0.3 is in use, the hotfix cannot be applied and the system should be upgraded to the latest version of the appliance.

Plugin Details

Severity: High

ID: 58232

File Name: tenable_appliance_web_bypass.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 7/17/2012

Updated: 2/22/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:tenable:appliance

Required KB Items: www/tenable_appliance

Patch Publication Date: 8/11/2011

Vulnerability Publication Date: 5/17/2012