Detections
Analytics
Tenable Appliance Web Authentication Bypass
high Nessus Plugin ID 58232
Language:
Synopsis
A web application running on the remote host has an authentication bypass vulnerability.Description
The version of Tenable Appliance running on the remote host has an authentication bypass vulnerability.A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface.
Solution
Upgrade to Tenable Appliance 2.0.1 or later.If upgrading is not possible, obtain the relevant hotfix from the customer support portal and apply it to the appliance using the 'Update Appliance' section of the web interface's Administration page.
For version 1.0.3, use TenableApplianceHotfix_1.0.3.tar.gz.
For version 1.0.4 or 2.0.0, use TenableApplianceHotfix.tar.gz
Note that if a version of the appliance earlier than 1.0.3 is in use, the hotfix cannot be applied and the system should be upgraded to the latest version of the appliance.
Plugin Details
Severity: High
ID: 58232
File Name: tenable_appliance_web_bypass.nasl
Version: 1.5
Type: remote
Family: CGI abuses
Published: 7/17/2012
Updated: 2/22/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:tenable:appliance
Required KB Items: www/tenable_appliance
Patch Publication Date: 8/11/2011
Vulnerability Publication Date: 5/17/2012