===========================================================================
AUSCERT Security Bulletin

ASB-2016.0105
A vulnerability has been identified in Tenable Nessus prior to
version 6.9.1.
11 November 2016
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Tenable Nessus
Operating System:     Windows
                      OS X
                      Linux variants
                      FreeBSD
Impact/Access:        Cross-site Scripting -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Sunday, December 11 2016

OVERVIEW

A vulnerability has been identified in Tenable Nessus prior to
version 6.9.1. [1]

IMPACT

The vendor has provided the following details regarding the
vulnerabilities:

"Nessus and Tenable's managed Nessus Cloud offering were found to be
impacted by an authenticated stored cross-site scripting (XSS) issue
reported to us by Kaustubh Padwad. Tenable thanks him for privately
reporting the issue to us and giving us time to resolve the issue." [1]

MITIGATION

Tenable advises users should upgrade to the latest version of Tenable
Nessus to address these issues. [1]

REFERENCES

[1] [R2] Nessus 6.9.1 Fixes One Vulnerability
    http://www.tenable.com/security/tns-2016-17

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================