[R5] Nessus 5.0 Fixes Third-party Library Vulnerability

Related Vulnerabilities: CVE-2011-1473  

Synopsis

Tenable's Nessus scanner is affected by a vulnerability in the bundled version of the OpenSSL library. The issue is triggered when a malicious client requests multiple SSL/TLS renegotiations, and will result in a temporary loss of availability for the web service.

Solution

Tenable has updated the product to address this issue. Please see the instructions below:

Tenable has released Nessus version 5.0 for the supported operating systems and architectures. This version bundles an updated OpenSSL library that is not affected.

To update your Nessus installation, follow these steps:

  1. Download the appropriate installation file from the Tenable Support Portal (https://support.tenable.com/support-center/index.php?x=&mod_id=200) to the system hosting Nessus or Nessus Enterprise.
  2. Stop the Nessus service.
  3. Install according to your operating system procedures.
  4. Restart the Nessus service.

In addition, Tenable has authored a Nessus Plugin (ID 53491, ssl_renegotiation_dos.nasl) that detects this TLS/SSL vulnerability.
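
The following is an added defender-side illustration of the condition described in the synopsis; it is not taken from Tenable's advisory and is not the logic of the plugin named above. It treats every handshake after the first on a connection as a renegotiation and flags connections that exceed a threshold within a short window. The log format, the name `flag_renegotiation_bursts` and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events in a hypothetical log format
# (not Nessus or OpenSSL output); addresses are documentation ranges.
SAMPLE_LOG = """\
2012-02-15T10:00:00 conn=1 client=192.0.2.10 handshake
2012-02-15T10:00:01 conn=2 client=192.0.2.44 handshake
2012-02-15T10:00:02 conn=2 client=192.0.2.44 handshake
2012-02-15T10:00:02 conn=2 client=192.0.2.44 handshake
2012-02-15T10:00:03 conn=2 client=192.0.2.44 handshake
2012-02-15T10:00:03 conn=2 client=192.0.2.44 handshake
2012-02-15T10:00:04 conn=2 client=192.0.2.44 handshake
2012-02-15T10:00:05 conn=3 client=192.0.2.77 handshake
2012-02-15T10:00:35 conn=3 client=192.0.2.77 handshake
2012-02-15T10:01:05 conn=3 client=192.0.2.77 handshake
2012-02-15T10:01:35 conn=3 client=192.0.2.77 handshake
2012-02-15T10:02:05 conn=3 client=192.0.2.77 handshake
2012-02-15T10:05:00 conn=1 client=192.0.2.10 handshake
"""

LINE_RE = re.compile(r"^(\S+) conn=(\d+) client=(\S+) handshake$")


def flag_renegotiation_bursts(log_text, max_renegs=3, window_s=10):
    """Return {conn_id: client} for connections with more than
    max_renegs renegotiations inside any window_s-second window."""
    seen_initial = set()          # connections whose first handshake was seen
    recent = defaultdict(deque)   # conn_id -> renegotiation times in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not handshake events
        ts = datetime.fromisoformat(m.group(1))
        conn, client = int(m.group(2)), m.group(3)
        if conn not in seen_initial:
            seen_initial.add(conn)  # initial handshake, not a renegotiation
            continue
        q = recent[conn]
        q.append(ts)
        # Drop renegotiations that fell out of the sliding window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_renegs:
            flagged[conn] = client
    return flagged
```

In the constructed sample only connection 2 is flagged: connection 1 renegotiates once and connection 3 renegotiates four times but 30 seconds apart.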