Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-5179 CVE-2017-2122

Tenable Nessus was found to be impacted by two authenticated stored cross-site scripting (XSS) issues. The first was via a report from Asif Balasinor, covered a reflected XSS issue that was deemed to have no risk as it could only be triggered by the authenticated user. While evaluating that report the director of the Nessus development team, Nicolas Pouvesle, discovered a different stored XSS issue. Both of these have been fixed, but only the stored XSS posed a risk. Tenable thanks Asif Balasinor for his report and prompting us to look further. (CVE-2017-5179) The second, a stored XSS issue that requires authentication was reported to JVN/JPCERT by Toshitsugu Yoneyama. (CVE-2017-2122) Please note that Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.

Source

Tenable Nessus was found to be impacted by two authenticated stored cross-site scripting (XSS) issues.

The first was via a report from Asif Balasinor, covered a reflected XSS issue that was deemed to have no risk as it could only be triggered by the authenticated user. While evaluating that report the director of the Nessus development team, Nicolas Pouvesle, discovered a different stored XSS issue. Both of these have been fixed, but only the stored XSS posed a risk. Tenable thanks Asif Balasinor for his report and prompting us to look further. (CVE-2017-5179)

The second, a stored XSS issue that requires authentication was reported to JVN/JPCERT by Toshitsugu Yoneyama. (CVE-2017-2122)

Please note that Tenable strongly recommends that Nessus be installed on a subnet that is not Internet addressable.

Tenable has released Nessus version 6.9.3 that corresponds to the supported operating systems and architectures. This version addresses the XSS issues.

To update your Nessus installation, follow these steps:

Download the appropriate installation file to the system hosting Nessus Professional or Nessus Manager, available at the Tenable Support Portal (https://support.tenable.com/support-center/index.php?x=&mod_id=200)
Stop the Nessus service.
Install according to your operating system procedures.
Restart the Nessus service.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

[R4] Nessus 6.9.3 Fixes Two Vulnerabilities

Synopsis

Solution

Vulmon Search

About

Products

Connect