CVE-2014-4980

Summary

CVE	CVE-2014-4980
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-07-23 14:55:00 UTC
Updated	2018-10-09 19:49:00 UTC
Description	The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Tenable	Nessus	5.2.3	All	All	All
Application	Tenable	Nessus	5.2.4	All	All	All
Application	Tenable	Nessus	5.2.5	All	All	All
Application	Tenable	Nessus	5.2.6	All	All	All
Application	Tenable	Nessus	5.2.7	All	All	All
Application	Tenable	Nessus	5.2.3	All	All	All
Application	Tenable	Nessus	5.2.4	All	All	All
Application	Tenable	Nessus	5.2.5	All	All	All
Application	Tenable	Nessus	5.2.6	All	All	All
Application	Tenable	Nessus	5.2.7	All	All	All
Application	Tenable	Web Ui	All	All	All	All

References

Reference	Source	Link	Tags
[R4] Tenable Nessus Web UI /server/properties token Parameter Remote Information Disclosure \| Tenable Network Security	CONFIRM	www.tenable.com	Vendor Advisory
109376	OSVDB	www.osvdb.org
SecurityFocus	BUGTRAQ	www.securityfocus.com
Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit
Nessus Web UI CVE-2014-4980 Information Disclosure Vulnerability	BID	www.securityfocus.com
CVE-2014-4980 Parameter Tampering in Nessus Web UI	MISC	www.halock.com
Tenable Nessus Access Control Flaw in Web UI Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker	SECTRACK	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.