Web application abuses : Plex Media Server < 0.9.9.3 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805226

Categoría: Web application abuses

Título: Plex Media Server < 0.9.9.3 Multiple Vulnerabilities

Resumen: Plex Media Server is prone to multiple vulnerabilities.

Descripción: Summary:
Plex Media Server is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2014-9304: An error in '/system/proxy' which fails to validate pre-authentication user
requests.

- CVE-2014-9181: Input appended to the URL after 'manage', 'web' and 'resources' is not properly
sanitised before being used to read files.

Vulnerability Impact:
Successful exploitation will allow remote attackers to disclose certain
sensitive information and bypass certain security restrictions.

Affected Software/OS:
Plex Media Server versions 0.9.9.2.374-aa23a69 and prior.

Solution:
Update to version 0.9.9.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9181
Bugtraq: 20140228 SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server (Google Search)
http://www.securityfocus.com/archive/1/531290
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt
Common Vulnerability Exposure (CVE) ID: CVE-2014-9304

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805226
Categoría:	Web application abuses
Título:	Plex Media Server < 0.9.9.3 Multiple Vulnerabilities
Resumen:	Plex Media Server is prone to multiple vulnerabilities.
Descripción:	Summary: Plex Media Server is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2014-9304: An error in '/system/proxy' which fails to validate pre-authentication user requests. - CVE-2014-9181: Input appended to the URL after 'manage', 'web' and 'resources' is not properly sanitised before being used to read files. Vulnerability Impact: Successful exploitation will allow remote attackers to disclose certain sensitive information and bypass certain security restrictions. Affected Software/OS: Plex Media Server versions 0.9.9.2.374-aa23a69 and prior. Solution: Update to version 0.9.9.3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9181 Bugtraq: 20140228 SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server (Google Search) http://www.securityfocus.com/archive/1/531290 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140228-1_Plex_Media_Server_Authentication_bypass_local_file_disclosure_v10.txt Common Vulnerability Exposure (CVE) ID: CVE-2014-9304
Copyright	Copyright (C) 2014 Greenbone Networks GmbH