Description
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.
References (7)
Core References
Vendor Advisory x_refsource_confirm
http://www.tenable.com/security/tns-2014-05
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532839/100/0/threaded
Various Sources x_refsource_misc
http://www.halock.com/blog/cve-2014-4980-parameter-tampering-nessus-web-ui/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68782
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030614
Exploit x_refsource_misc
http://packetstormsecurity.com/files/127532/Tenable-Nessus-5.2.7-Parameter-Tampering-Authentication-Bypass.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/109376
Scores
EPSS
0.0047
EPSS Percentile
65.1%
Details
CWE
CWE-200
Status
published
Products (6)
tenable/nessus
5.2.3
tenable/nessus
5.2.4
tenable/nessus
5.2.5
tenable/nessus
5.2.6
tenable/nessus
5.2.7
tenable/web_ui
< 2.3.4
Published
Jul 23, 2014
Tracked Since
Feb 18, 2026