Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2016.0105
A vulnerability has been identified in Tenable Nessus prior
to version 6.9.1.
11 November 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Tenable Nessus
Operating System: Windows
OS X
Linux variants
FreeBSD
Impact/Access: Cross-site Scripting -- Existing Account
Resolution: Patch/Upgrade
Member content until: Sunday, December 11 2016
OVERVIEW
A vulnerability has been identified in Tenable Nessus prior to
version 6.9.1. [1]
IMPACT
The vendor has provided the following details regarding the
vulnerabilities:
"Nessus and Tenable's managed Nessus Cloud offering were found to be
impacted by an authenticated stored cross-site scripting (XSS) issue
reported to us by Kaustubh Padwad. Tenable thanks him for privately
reporting the issue to us and giving us time to resolve the issue." [1]
MITIGATION
Tenable advises users should upgrade to the latest version of
Tenable Nessus to address these issues. [1]
REFERENCES
[1] [R2] Nessus 6.9.1 Fixes One Vulnerability
http://www.tenable.com/security/tns-2016-17
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWCVJCIx+lLeg9Ub1AQhddA//WXA37Fuqi7+w9FFduRYkLv/kuLRC2SBI
6USSkbPcsJ0uf41ShMVijb1gM+yANeXcUCVo7VRmUFngOmgDGaZWOp6EISB9k6br
hBCVqZ6iUIDZCu0zoX8TQmbm4pNgghspn+ouVKiFF2yNyWxXTtjBTnjplQl8DnOW
BXc9M01bdnz6mhGQplHVNt8eqk/KMmwNFV1ftX0Gm/EijybXkRngkwVBOzQ0fgOh
mWI2KQRa9aaxj2n63vENi8o7cKyd9ejYqinV68G8Hwv1UE1ZNGxraD9aSKGDqvqy
2S2fU9FPCLDHn0jqbRtZMa8RHVNM9IzMmvmxjL0SCSvJe4WKna8pC4iwDXvgWoFU
BgIWPp0UEf+YGaBpqxswkpArtMSBOpInzOUupmhvhEIn6fMfy1M3kEHc0KxVgNDr
bhrEcOfk31JDCaRhT2VpX7dQ046Ynzb2AMlGiH6EKSkuGK+1MmWTzOPAMgnWUkEZ
4wPWiO73V3PJy650dj0nNtELixf5Rdv74rfgLczpM8zdNxrDrDJUdS5oM10n2+CR
EVoTe0zAkOCEVvhZSlLZr4xFtxtf9rVkbQhyX/2U4LoACg6BOjKjs/4/rqZu5PEl
XLWGcvrVU8cPGSrqOeGEdegCvcGeIUyQhpcopL7nbYf3ST5bl1qfCvzqFrm6gYfm
oR8chOXlza0=
=exqj
-----END PGP SIGNATURE-----