Vulnerability Databases: Classification and Registry

2018-06-05T15:57:41

Description

What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite an ungrateful task. No matter how hard you try, the final result will be rather inaccurate and incomplete. I am sure someone will be complaining. But this is how I see it. ![😉](https://s.w.org/images/core/emoji/11/72x72/1f609.png) If you want to add or change something feel free to make a comment bellow or email [me@avleonov.com](<mailto:me@avleonov.com>). The main classifier, which I came up with: * There are individual vulnerability databases in which one identifier means one vulnerability. They try to cover all existing vulnerabilities. * And others are security bulletins. They cover vulnerabilities in a particular product or products. And they usually based on on patches. One patch may cover multiple vulnerabilities. I made this diagram with some Vulnerability Databases. Note that I wanted to stay focused, so there are no exploit DBs, CERTs, lists of vulnerabilities detected by some researchers ([CISCO Talos](<https://www.talosintelligence.com/vulnerability_info>), [PT Research](<https://www.ptsecurity.com/ww-en/analytics/threatscape/>), etc.), Media and Bug Bounty sites. ![Vulnerability Databases classification](https://avleonov.com/wp-content/uploads/2018/06/vulnerability_databases103-1024x638.png) For these databases the descriptions of vulnerabilities are publicly available on the site (in html interface or downloadable data feed), or exist in a form of paid Vulnerability Intelligence service (for example, [Flexera](<https://www.flexera.com/products/software-vulnerability-management/software-vulnerability-manager.html>)). On one side there are databases of individual vulnerabilities, the most important is [National Vulnerability Database](<https://nvd.nist.gov/>). There are also Chinese, Japanese bases that can be derived from NVD or not. On the other side we have security bulletins, for example [RedHat Security Advisories](<https://www.redhat.com/archives/rhsa-announce/>). And in the middle we have a Vulnerability Databases, for which it is not critical whether they have duplicated vulnerability IDs or not. These are the Vulnerability Databases of aggregators, vulnerability scanners, security content databases. We can say that [CIS OVAL](<https://oval.cisecurity.org/>) or [OpenVAS NVTs](<http://www.openvas.org/openvas-nvt-feed.html>) are the forms of public security content. Russian [FSTEC BDU Vulnerability Database](<https://bdu.fstec.ru/vul>) also has individual vulnerabilities and security bulletins. ### Classification I have the following groups: 1. Individual Vulnerabilities 2. Individual Vulnerabilities -> Government 3. Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators 4. Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators 5. Mixed Individual Vulnerabilities and Security Bulletins -> Government 6. Mixed Individual Vulnerabilities and Security Bulletins -> Open and formalized detection rules 7. Security Bulletins 8. Security Bulletins -> All software in repository ### Registry I was trying to give a link on the same ["Drupalgedon2" CVE-2018-7600](<https://github.com/jirojo2/drupalgeddon2>) vulnerability in examples, where it was possible. I mentioned the ways to grab all the entries from particular Vulnerability Database in the Aggregation column. Most of this methods are provided by the owner of the Database ("official") or in a form of [Vulners collections](<https://avleonov.com/2016/10/24/processing-vulners-collections-using-python/>). Name | Classification Group | Description | Example of content | Aggregation ---|---|---|---|--- [Mitre CVE](<https://cve.mitre.org/>) | Individual Vulnerabilities | Coordinate the release of CVE identifiers | [CVE-2018-7600](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600>) | [Official](<https://cve.mitre.org/data/downloads/index.html>) [IBM X force](<https://exchange.xforce.ibmcloud.com/>) | Individual Vulnerabilities | Threat and Vulnerability Intelligence service | [CVE-2018-7600](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140913>) | n/a [NIST NVD](<https://nvd.nist.gov/>) | Individual Vulnerabilities -> Government | The NVD is the U.S. government repository of standards based vulnerability management data | [CVE-2018-7600](<https://nvd.nist.gov/vuln/detail/CVE-2018-7600>) | [Official](<https://nvd.nist.gov/vuln/data-feeds>), [Vulners](<https://vulners.com/stats>) [CNNVD](<http://www.cnnvd.org.cn/>) | Individual Vulnerabilities -> Government | China National Vulnerability Database of Information Security | [CNNVD-201803-1136](<http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201803-1136>) | [Official](<http://www.cnnvd.org.cn/web/xxk/xmlDown.tag>) [CNVD](<http://www.cnvd.org.cn/>) | Individual Vulnerabilities -> Government | China National Vulnerability Database | [CNTA-2018-0012](<http://www.cnvd.org.cn/webinfo/show/4463>) | n/a [JVN](<https://jvn.jp>) | Mixed Individual Vulnerabilities and Security Bulletins -> Government | Japan Vulnerability Notes | [JVN#65268217](<https://jvn.jp/jp/JVN65268217/index.html>) | n/a [BDU Fstec](<https://bdu.fstec.ru/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Government | Russian Data Security Threats Database | [BDU:2018-00749](<https://bdu.fstec.ru/vul/2018-00749>) | [Official](<https://bdu.fstec.ru/vul>) [Risk Based Security VulnDB](<https://vulndb.cyberriskanalytics.com/>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | Vulnerability Intelligence vendor | n/a | n/a [Flexera](<https://www.flexera.com/products/software-vulnerability-management/software-vulnerability-manager.html>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | Vulnerability Intelligence vendor | n/a | n/a [Beyond Security SecuriTeam](<http://www.securiteam.com/>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | Vulnerability Management vendor | [CVE-2016-9939](<http://www.securiteam.com/securitynews/5LP3G20MKY.html>) | n/a [VulDB](<https://vuldb.com/>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | "Number 1 vulnerability database worldwide with more than 117000 entries available." | [CVE-2018-7600](<https://vuldb.com/?id.115197>) | n/a [vFeed](<https://vfeed.io/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | "Trusted Vulnerability & Threat Intelligence Database" | n/a | [Official](<https://vfeed.io/pricing/>) [Vulners](<https://vulners.com/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | "Complete Vulnerability DataBase & Security Scanne" | [CVE-2018-7600](<https://vulners.com/cve/CVE-2018-7600>) | [Official](<https://vulners.com/cve/stats>) [Tenable](<https://www.tenable.com/plugins>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | Tenable Nessus Attack Scripting Language (NASL) plugins | [CVE-2018-7600](<https://www.tenable.com/plugins/nessus/109041>) | [Vulners](<https://vulners.com/stats>) [Snyk](<https://snyk.io/vuln/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | "Snyk helps you use open source and stay secure." | [CVE-2018-7600](<https://snyk.io/vuln/SNYK-PHP-DRUPALCORE-72112>) | n/a [Rapid7](<https://www.rapid7.com/db>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | "Vulnerability & Exploit Database" | [CVE-2018-7600](<https://www.rapid7.com/db/vulnerabilities/drupal-cve-2018-7600>) | n/a [Altx-Soft OVAL Repository](<https://ovaldb.altx-soft.ru/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | ALTEX-SOFT-owned OVAL repository | [CVE-2018-7600](<https://ovaldb.altx-soft.ru/Definition.aspx?id=oval:com.altx-soft.nix:def:19053>) | n/a [SecPod SCAP Repo](<https://www.scaprepo.com/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | SecPod-owned OVAL repository | [CVE-2018-7600](<https://www.scaprepo.com/control.jsp?command=relation&relationId=oval:org.secpod.oval:def:603336>) | n/a [OpenVAS NVT](<http://www.openvas.org/openvas-nvt-feed.html>) | Mixed Individual Vulnerabilities and Security Bulletins -> Open and formalized detection rules | "Public feed of Network Vulnerability Tests (NVTs) for the OpenVAS project" | n/a | [Vulners](<https://vulners.com/stats>) [CIS OVAL](<https://oval.cisecurity.org/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Open and formalized detection rules | Main database of OVAL content sponsored by Center for Internet Security | n/a | [Official](<https://oval.cisecurity.org/repository/download>) [CentOS CESA](<https://lists.centos.org/pipermail/centos-announce/>) | Security Bulletins -> All software in repository | The CentOS-announce Archives | [CESA-2014:0376](<https://lists.centos.org/pipermail/centos-announce/2014-April/020249.html>) | [Vulners](<https://vulners.com/stats>) [Ubuntu USN](<https://usn.ubuntu.com/>) | Security Bulletins -> All software in repository | Ubuntu security notices | [USN-2165-1](<https://usn.ubuntu.com/2165-1/>) | [Vulners](<https://vulners.com/stats>) [RedHat RHSA](<https://www.redhat.com/archives/rhsa-announce/>) | Security Bulletins -> All software in repository | The RedHat-announce Archives | [RHSA-2014:0376](<https://access.redhat.com/errata/RHSA-2014:0376>) | [Vulners](<https://vulners.com/stats>) [Debian DSA](<https://www.debian.org/security/>) | Security Bulletins -> All software in repository | Debian Security Advisories | [DSA-4156-1](<https://www.debian.org/security/2018/dsa-4156>) | [Vulners](<https://vulners.com/stats>) Microsoft KB | Security Bulletins | Microsoft Knowledge Base | [KB4013389](<https://support.microsoft.com/kb/4013389>) | n/a [Microsoft MS](<https://docs.microsoft.com/en-us/security-updates/securitybulletins/securitybulletins>) | Security Bulletins | Microsoft Security Bulletin | [MS17-10](<https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010>) | n/a [CISCO SA](<https://tools.cisco.com/security/center/mpublicationListingDetails.x?docType=CiscoSecurityAdvisory>) | Security Bulletins | Cisco Security Advisories | [cisco-sa-20180521](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel>) | [Vulners](<https://vulners.com/stats>) [OpenSSL Vulnerabilities](<https://www.openssl.org/news/vulnerabilities.html>) | Security Bulletins | OpenSSL Vulnerabilities | [CVE-2018-0737](<https://www.openssl.org/news/secadv/20180416.txt>) | [Vulners](<https://vulners.com/stats>) [Apache](<https://httpd.apache.org/security_report.html>) | Security Bulletins | Security Problems with the Apache HTTP Server | [CVE-2017-9798](<https://httpd.apache.org/security/vulnerabilities_22.html>) | [Vulners](<https://vulners.com/stats>) [Mozilla MFSA](<https://www.mozilla.org/en-US/security/advisories/>) | Security Bulletins | Mozilla Foundation Security Advisories | [mfsa2018-13](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/>) | [Vulners](<https://vulners.com/stats>) ### Other Vulnerability Databases Of course this table is far from being complete. It's a basic structure, just to give an overall picture. You can find more: * Different Vulnerability Databases in [Vulnerability Database Catalog by FIRST.org](<https://www.first.org/global/sigs/vrdx/vdb-catalog>). * Security Bulletins for different Operating Systems and Software at [Vulners.com stats page](<https://vulners.com/stats>) (blocks "Unix" and "Software"). * Bases of OVAL content listed at [MITRE OVAL Product List](<https://oval.mitre.org/adoption/productlist.html>) (it is in archive state; see the type "Definition Repository") Do you know any other interesting sources about known software vulnerabilities? Feel free to mention them in the comments bellow. ![](http://feeds.feedburner.com/~r/avleonov/~4/o1m4yya8LXc)

{"id": "AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D", "type": "avleonov", "bulletinFamily": "blog", "title": "Vulnerability Databases: Classification and Registry", "description": "What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them.\n\nIt's quite an ungrateful task. No matter how hard you try, the final result will be rather inaccurate and incomplete. I am sure someone will be complaining. But this is how I see it. ![\ud83d\ude09](https://s.w.org/images/core/emoji/11/72x72/1f609.png) If you want to add or change something feel free to make a comment bellow or email [me@avleonov.com](<mailto:me@avleonov.com>).\n\nThe main classifier, which I came up with:\n\n * There are individual vulnerability databases in which one identifier means one vulnerability. They try to cover all existing vulnerabilities.\n * And others are security bulletins. They cover vulnerabilities in a particular product or products. And they usually based on on patches. One patch may cover multiple vulnerabilities.\n\nI made this diagram with some Vulnerability Databases. Note that I wanted to stay focused, so there are no exploit DBs, CERTs, lists of vulnerabilities detected by some researchers ([CISCO Talos](<https://www.talosintelligence.com/vulnerability_info>), [PT Research](<https://www.ptsecurity.com/ww-en/analytics/threatscape/>), etc.), Media and Bug Bounty sites.\n\n![Vulnerability Databases classification](https://avleonov.com/wp-content/uploads/2018/06/vulnerability_databases103-1024x638.png)\n\nFor these databases the descriptions of vulnerabilities are publicly available on the site (in html interface or downloadable data feed), or exist in a form of paid Vulnerability Intelligence service (for example, [Flexera](<https://www.flexera.com/products/software-vulnerability-management/software-vulnerability-manager.html>)).\n\nOn one side there are databases of individual vulnerabilities, the most important is [National Vulnerability Database](<https://nvd.nist.gov/>). There are also Chinese, Japanese bases that can be derived from NVD or not.\n\nOn the other side we have security bulletins, for example [RedHat Security Advisories](<https://www.redhat.com/archives/rhsa-announce/>).\n\nAnd in the middle we have a Vulnerability Databases, for which it is not critical whether they have duplicated vulnerability IDs or not.\n\nThese are the Vulnerability Databases of aggregators, vulnerability scanners, security content databases. We can say that [CIS OVAL](<https://oval.cisecurity.org/>) or [OpenVAS NVTs](<http://www.openvas.org/openvas-nvt-feed.html>) are the forms of public security content. Russian [FSTEC BDU Vulnerability Database](<https://bdu.fstec.ru/vul>) also has individual vulnerabilities and security bulletins.\n\n### Classification\n\nI have the following groups:\n\n 1. Individual Vulnerabilities\n 2. Individual Vulnerabilities -> Government\n 3. Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators\n 4. Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators\n 5. Mixed Individual Vulnerabilities and Security Bulletins -> Government\n 6. Mixed Individual Vulnerabilities and Security Bulletins -> Open and formalized detection rules\n 7. Security Bulletins\n 8. Security Bulletins -> All software in repository\n\n### Registry\n\nI was trying to give a link on the same [\"Drupalgedon2\" CVE-2018-7600](<https://github.com/jirojo2/drupalgeddon2>) vulnerability in examples, where it was possible. I mentioned the ways to grab all the entries from particular Vulnerability Database in the Aggregation column. Most of this methods are provided by the owner of the Database (\"official\") or in a form of [Vulners collections](<https://avleonov.com/2016/10/24/processing-vulners-collections-using-python/>).\n\nName | Classification Group | Description | Example of content | Aggregation \n---|---|---|---|--- \n[Mitre CVE](<https://cve.mitre.org/>) | Individual Vulnerabilities | Coordinate the release of CVE identifiers | [CVE-2018-7600](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600>) | [Official](<https://cve.mitre.org/data/downloads/index.html>) \n[IBM X force](<https://exchange.xforce.ibmcloud.com/>) | Individual Vulnerabilities | Threat and Vulnerability Intelligence service | [CVE-2018-7600](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140913>) | n/a \n[NIST NVD](<https://nvd.nist.gov/>) | Individual Vulnerabilities -> Government | The NVD is the U.S. government repository of standards based vulnerability management data | [CVE-2018-7600](<https://nvd.nist.gov/vuln/detail/CVE-2018-7600>) | [Official](<https://nvd.nist.gov/vuln/data-feeds>), [Vulners](<https://vulners.com/stats>) \n[CNNVD](<http://www.cnnvd.org.cn/>) | Individual Vulnerabilities -> Government | China National Vulnerability Database of Information Security | [CNNVD-201803-1136](<http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201803-1136>) | [Official](<http://www.cnnvd.org.cn/web/xxk/xmlDown.tag>) \n[CNVD](<http://www.cnvd.org.cn/>) | Individual Vulnerabilities -> Government | China National Vulnerability Database | [CNTA-2018-0012](<http://www.cnvd.org.cn/webinfo/show/4463>) | n/a \n[JVN](<https://jvn.jp>) | Mixed Individual Vulnerabilities and Security Bulletins -> Government | Japan Vulnerability Notes | [JVN#65268217](<https://jvn.jp/jp/JVN65268217/index.html>) | n/a \n[BDU Fstec](<https://bdu.fstec.ru/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Government | Russian Data Security Threats Database | [BDU:2018-00749](<https://bdu.fstec.ru/vul/2018-00749>) | [Official](<https://bdu.fstec.ru/vul>) \n[Risk Based Security VulnDB](<https://vulndb.cyberriskanalytics.com/>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | Vulnerability Intelligence vendor | n/a | n/a \n[Flexera](<https://www.flexera.com/products/software-vulnerability-management/software-vulnerability-manager.html>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | Vulnerability Intelligence vendor | n/a | n/a \n[Beyond Security SecuriTeam](<http://www.securiteam.com/>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | Vulnerability Management vendor | [CVE-2016-9939](<http://www.securiteam.com/securitynews/5LP3G20MKY.html>) | n/a \n[VulDB](<https://vuldb.com/>) | Individual Vulnerabilities -> Commercial Vulnerability Scanners and Aggregators | \"Number 1 vulnerability database worldwide with more than 117000 entries available.\" | [CVE-2018-7600](<https://vuldb.com/?id.115197>) | n/a \n[vFeed](<https://vfeed.io/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | \"Trusted Vulnerability & Threat Intelligence Database\" | n/a | [Official](<https://vfeed.io/pricing/>) \n[Vulners](<https://vulners.com/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | \"Complete Vulnerability DataBase & Security Scanne\" | [CVE-2018-7600](<https://vulners.com/cve/CVE-2018-7600>) | [Official](<https://vulners.com/cve/stats>) \n[Tenable](<https://www.tenable.com/plugins>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | Tenable Nessus Attack Scripting Language (NASL) plugins | [CVE-2018-7600](<https://www.tenable.com/plugins/nessus/109041>) | [Vulners](<https://vulners.com/stats>) \n[Snyk](<https://snyk.io/vuln/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | \"Snyk helps you use open source and stay secure.\" | [CVE-2018-7600](<https://snyk.io/vuln/SNYK-PHP-DRUPALCORE-72112>) | n/a \n[Rapid7](<https://www.rapid7.com/db>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | \"Vulnerability & Exploit Database\" | [CVE-2018-7600](<https://www.rapid7.com/db/vulnerabilities/drupal-cve-2018-7600>) | n/a \n[Altx-Soft OVAL Repository](<https://ovaldb.altx-soft.ru/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | ALTEX-SOFT-owned OVAL repository | [CVE-2018-7600](<https://ovaldb.altx-soft.ru/Definition.aspx?id=oval:com.altx-soft.nix:def:19053>) | n/a \n[SecPod SCAP Repo](<https://www.scaprepo.com/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Commercial Vulnerability Scanners and Aggregators | SecPod-owned OVAL repository | [CVE-2018-7600](<https://www.scaprepo.com/control.jsp?command=relation&relationId=oval:org.secpod.oval:def:603336>) | n/a \n[OpenVAS NVT](<http://www.openvas.org/openvas-nvt-feed.html>) | Mixed Individual Vulnerabilities and Security Bulletins -> Open and formalized detection rules | \"Public feed of Network Vulnerability Tests (NVTs) for the OpenVAS project\" | n/a | [Vulners](<https://vulners.com/stats>) \n[CIS OVAL](<https://oval.cisecurity.org/>) | Mixed Individual Vulnerabilities and Security Bulletins -> Open and formalized detection rules | Main database of OVAL content sponsored by Center for Internet Security | n/a | [Official](<https://oval.cisecurity.org/repository/download>) \n[CentOS CESA](<https://lists.centos.org/pipermail/centos-announce/>) | Security Bulletins -> All software in repository | The CentOS-announce Archives | [CESA-2014:0376](<https://lists.centos.org/pipermail/centos-announce/2014-April/020249.html>) | [Vulners](<https://vulners.com/stats>) \n[Ubuntu USN](<https://usn.ubuntu.com/>) | Security Bulletins -> All software in repository | Ubuntu security notices | [USN-2165-1](<https://usn.ubuntu.com/2165-1/>) | [Vulners](<https://vulners.com/stats>) \n[RedHat RHSA](<https://www.redhat.com/archives/rhsa-announce/>) | Security Bulletins -> All software in repository | The RedHat-announce Archives | [RHSA-2014:0376](<https://access.redhat.com/errata/RHSA-2014:0376>) | [Vulners](<https://vulners.com/stats>) \n[Debian DSA](<https://www.debian.org/security/>) | Security Bulletins -> All software in repository | Debian Security Advisories | [DSA-4156-1](<https://www.debian.org/security/2018/dsa-4156>) | [Vulners](<https://vulners.com/stats>) \nMicrosoft KB | Security Bulletins | Microsoft Knowledge Base | [KB4013389](<https://support.microsoft.com/kb/4013389>) | n/a \n[Microsoft MS](<https://docs.microsoft.com/en-us/security-updates/securitybulletins/securitybulletins>) | Security Bulletins | Microsoft Security Bulletin | [MS17-10](<https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010>) | n/a \n[CISCO SA](<https://tools.cisco.com/security/center/mpublicationListingDetails.x?docType=CiscoSecurityAdvisory>) | Security Bulletins | Cisco Security Advisories | [cisco-sa-20180521](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel>) | [Vulners](<https://vulners.com/stats>) \n[OpenSSL Vulnerabilities](<https://www.openssl.org/news/vulnerabilities.html>) | Security Bulletins | OpenSSL Vulnerabilities | [CVE-2018-0737](<https://www.openssl.org/news/secadv/20180416.txt>) | [Vulners](<https://vulners.com/stats>) \n[Apache](<https://httpd.apache.org/security_report.html>) | Security Bulletins | Security Problems with the Apache HTTP Server | [CVE-2017-9798](<https://httpd.apache.org/security/vulnerabilities_22.html>) | [Vulners](<https://vulners.com/stats>) \n[Mozilla MFSA](<https://www.mozilla.org/en-US/security/advisories/>) | Security Bulletins | Mozilla Foundation Security Advisories | [mfsa2018-13](<https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/>) | [Vulners](<https://vulners.com/stats>) \n \n### Other Vulnerability Databases\n\nOf course this table is far from being complete. It's a basic structure, just to give an overall picture.\n\nYou can find more:\n\n * Different Vulnerability Databases in [Vulnerability Database Catalog by FIRST.org](<https://www.first.org/global/sigs/vrdx/vdb-catalog>).\n * Security Bulletins for different Operating Systems and Software at [Vulners.com stats page](<https://vulners.com/stats>) (blocks \"Unix\" and \"Software\").\n * Bases of OVAL content listed at [MITRE OVAL Product List](<https://oval.mitre.org/adoption/productlist.html>) (it is in archive state; see the type \"Definition Repository\")\n\nDo you know any other interesting sources about known software vulnerabilities? Feel free to mention them in the comments bellow.\n\n![](http://feeds.feedburner.com/~r/avleonov/~4/o1m4yya8LXc)", "published": "2018-06-05T15:57:41", "modified": "2018-06-05T15:57:41", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://feedproxy.google.com/~r/avleonov/~3/o1m4yya8LXc/", "reporter": "Alexander Leonov", "references": [], "cvelist": ["CVE-2016-9939", "CVE-2017-9798", "CVE-2018-0737", "CVE-2018-7600"], "lastseen": "2018-08-03T12:56:42", "viewCount": 1659, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY27.ASC"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2018-7600"]}, {"type": "amazon", "idList": ["ALAS-2017-896", "ALAS-2018-1000", "ALAS2-2018-1004"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201709-15", "ASA-201804-1"]}, {"type": "attackerkb", "idList": ["AKB:3374FB55-2A44-4607-A9C5-265E7DE9B936", "AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "centos", "idList": ["CESA-2017:2882", "CESA-2017:2972", "CESA-2018:3221"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0774", "CPAI-2017-0896", "CPAI-2018-0192", "CPAI-2018-1697"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:B1BFB1BD3BA9A90D6CA66F05AB2DCBAE", "CFOUNDRY:BDB6F8275A06CC11A9EB2C43CBB82E42"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2016-9939", "CVE-2017-9798", "CVE-2018-0737", "CVE-2018-7600"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1102-1:511F7", "DEBIAN:DLA-1102-1:7F277", "DEBIAN:DLA-1325-1:426F0", "DEBIAN:DLA-1325-1:E895C", "DEBIAN:DLA-1449-1:6B9AF", "DEBIAN:DLA-1449-1:EF247", "DEBIAN:DLA-766-1:18E2C", "DEBIAN:DLA-766-1:7DAB0", "DEBIAN:DSA-3748-1:9F07C", "DEBIAN:DSA-3748-1:CD0FB", "DEBIAN:DSA-3980-1:6FBEB", "DEBIAN:DSA-3980-1:C7ED3", "DEBIAN:DSA-4156-1:C1814", "DEBIAN:DSA-4156-1:CE193", "DEBIAN:DSA-4348-1:05673", "DEBIAN:DSA-4355-1:1415E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9939", "DEBIANCVE:CVE-2017-9798", "DEBIANCVE:CVE-2018-0737", "DEBIANCVE:CVE-2018-7600"]}, {"type": "dsquare", "idList": ["E-638", "E-639"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745", "EDB-ID:44448", "EDB-ID:44449", "EDB-ID:44482"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:643750D6FF631053256ACECA930FF041", "EXPLOITPACK:9E300C1777BC1D8C514DB64FA7D000CE", "EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D", "EXPLOITPACK:E563140BD918794B55F61FC55941120F"]}, {"type": "f5", "idList": ["F5:K22854260", "F5:K43429502", "F5:K70084351"]}, {"type": "fedora", "idList": ["FEDORA:08AC0606CFA2", "FEDORA:092E9605F081", "FEDORA:17401605E206", "FEDORA:229DA6183EF3", "FEDORA:2C56E6076005", "FEDORA:3F234602D69C", "FEDORA:45D79604B015", "FEDORA:4B26D6048172", "FEDORA:5C39A60311F1", "FEDORA:63AEC601CFBA", "FEDORA:6F712609154B", "FEDORA:7595560DCBCA", "FEDORA:8D9BA60468B9", "FEDORA:9DFEE60469B4", "FEDORA:9FC6E6070D50", "FEDORA:A9847604E850", "FEDORA:B56AC605DCD2", "FEDORA:C2CB46042D4E", "FEDORA:C5613607A3CF", "FEDORA:D89B16076A01"]}, {"type": "fireeye", "idList": ["FIREEYE:3CF3A3DF17A5FD20D5E05C24F6DBC54B"]}, {"type": "freebsd", "idList": ["76B085E2-9D33-11E7-9260-000C292EE6B8", "8F353420-4197-11E8-8777-B499BAEBFEAF", "A9E466E8-4144-11E8-A292-00E04C1EA73D"]}, {"type": "gentoo", "idList": ["GLSA-201710-32", "GLSA-201811-21"]}, {"type": "githubexploit", "idList": ["0B0F940B-BBCE-52B1-8A3F-6FF63D7BDA4E"]}, {"type": "hackerone", "idList": ["H1:1063256", "H1:269568"]}, {"type": "hivepro", "idList": ["HIVEPRO:C72A6CAC86F253C92A64FF6B8FCDA675"]}, {"type": "httpd", "idList": ["HTTPD:6236A32987BAE49DFBF020477B1278DD", "HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20181212-01-CACHE"]}, {"type": "ibm", "idList": ["0EB149242AF86C92359FD2819FE5CA2FA94AAA9A6E3A7381956968DD540CEF70", "0F0A825C07A03880DD39EA5C5014BCE8191E8BEC536CC2446F889DF92FF626E7", "12C657CCB040A2D71F5E7B37692A10A6A4BAA07FBFEAADA8E6F9A5BCFCFD9FAB", "1D18DE555FB91F29F8BBC3532E15A21A7A5DE61EF8C2DB29C73E6BDCF4F0E604", "21781046737819F9BECB0172803EAC75FA331A489C94879B0B9D69C572F33FCF", "2F6DCE2C99CCDBE682ED08A9421CED8979F6A988BEE9A17025F9CD412547C8CE", "3495F9B812339D5B1BD78637C1F420145AAD93AFB44B6E35782DE0160CF7211B", "381B76F53A26572A7C476380F44421473D669346B3F00F995B318188F2D2B793", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "4BD0A578AC85BE4A404D10EC419136C4CE32988E7B285336E8F81B41BC84892B", "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "5E0E32B39EEDE0FD2DF597014A313B4760C8CCD85774132829C4BB7B6A2ECEEF", "732500E18BE7C9ED830D9D2C86A1F758E95A1A12A09BE8FE102B75F50E6A1E5B", "75AE9D4CB9FE02C082FC4424DBD420EA2EAC4CD4BCE0C4E376DC8DEE1119F8D3", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "824ADAF8E5DE88375EFC5412C86554019A1D20AE993BF46D6E6A634FA7987D24", "825B52995DBE90672BBA09CCFBDD51925814B984495E8E740D466D1C921FE61C", "84BB486A16164E9E9FFD8E6D5DA45CDDD2999475349031D618B321E598A27C51", "86D355F68F85D65B3FD45457F96CAF7864164018AA27439D7F53F3145DFF6AB4", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09", "94533C1AEDE627C97E171FC1339661B263CF1EA6678274080F922CA0E372274C", "99C4FE5226D6D4C3DFB065D997F2D2D168A50F2B090813B4AFFCC6BF971F9576", "B37FB96EE4FA4B06328DA641D49120233F6F6FC031E87E5A21A71F34BB882B42", "C52E4F43633A26DE3EC912F6665C082BAA08696723A69DA841FA0065F135AD79", "CF5AE1AC4D7F12352FB77F91CC5048FC41163311A15377504B06C6A053ADC4D7", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "D5FAA4D531F2C77FCA796CDBE24E353B88AF07EF4901D113FCF9A8A7AA86B84A", "E321CD2FAD2352A58756D698FB9F6AEEA2D5866CC41E10025794D036A188BF76", "E515D9AE5ED3FEB7BDBAF35D90286D2E963A5E50F83A19555DC0BA545BE5A8E7", "E79BC6C34DAD829FAB4182BB79212B7400A2BCB673A1FFCDE7E446FA6EFAF11B", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4416FB86A8069C419B8EAC9DBF52A644", "IMPERVABLOG:A20D453136A0817CB6973C79EBE9F6D1", "IMPERVABLOG:B21E6C61B26ED07C8D647C57348C4F9E"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837", "KITPLOIT:5420210148456420402", "KITPLOIT:5494076556436489947", "KITPLOIT:7013881512724945934", "KITPLOIT:7835941952769002973", "KITPLOIT:8672599587089685905"]}, {"type": "mageia", "idList": ["MGASA-2017-0010", "MGASA-2018-0007", "MGASA-2018-0009", "MGASA-2018-0365"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:8AB104C08F6A4BE34498DA02C120E924"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-UNIX-WEBAPP-DRUPAL_DRUPALGEDDON2-"]}, {"type": "nessus", "idList": ["700224.PRM", "700228.PRM", "700229.PRM", "700230.PRM", "700513.PRM", "AIX_OPENSSL_ADVISORY27.NASL", "AL2_ALAS-2018-1004.NASL", "ALA_ALAS-2017-896.NASL", "ALA_ALAS-2018-1000.NASL", "APACHE_2_4_28.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "CENTOS_RHSA-2018-3221.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DLA-1325.NASL", "DEBIAN_DLA-1449.NASL", "DEBIAN_DLA-766.NASL", "DEBIAN_DSA-3748.NASL", "DEBIAN_DSA-3980.NASL", "DEBIAN_DSA-4156.NASL", "DEBIAN_DSA-4348.NASL", "DEBIAN_DSA-4355.NASL", "DRUPAL_8_5_1.NASL", "DRUPAL_CVE-2018-7600_RCE.NBIN", "EULEROS_SA-2017-1252.NASL", "EULEROS_SA-2017-1253.NASL", "EULEROS_SA-2018-1214.NASL", "EULEROS_SA-2018-1306.NASL", "EULEROS_SA-2018-1383.NASL", "EULEROS_SA-2018-1392.NASL", "EULEROS_SA-2018-1420.NASL", "EULEROS_SA-2019-1009.NASL", "EULEROS_SA-2019-1084.NASL", "EULEROS_SA-2019-1164.NASL", "EULEROS_SA-2019-1201.NASL", "EULEROS_SA-2019-1389.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1419.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1643.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2017-FDD3A98E8F.NASL", "FEDORA_2018-02A38AF202.NASL", "FEDORA_2018-520E4C5B4E.NASL", "FEDORA_2018-906BA26B4D.NASL", "FEDORA_2018-922CC2FBAA.NASL", "FEDORA_2019-00C25B9379.NASL", "FEDORA_2019-812B77ED2E.NASL", "FEDORA_2019-9A0A7C0986.NASL", "FEDORA_2019-DB06EFDEA1.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "FREEBSD_PKG_8F353420419711E88777B499BAEBFEAF.NASL", "FREEBSD_PKG_A9E466E8414411E8A29200E04C1EA73D.NASL", "GENTOO_GLSA-201710-32.NASL", "GENTOO_GLSA-201811-21.NASL", "IBM_HTTP_SERVER_298437.NASL", "JUNIPER_JSA10919.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "LCE_5_1_1.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "NESSUS_TNS_2018_14.NASL", "NESSUS_TNS_2018_17.NASL", "NEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "NODEJS_2018_AUG.NASL", "OPENSSL_1_0_2P.NASL", "OPENSSL_1_1_0I.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2018-1091.NASL", "OPENSUSE-2018-1110.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-997.NASL", "OPENSUSE-2019-152.NASL", "OPENSUSE-2019-753.NASL", "OPENSUSE-2021-3301.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLELINUX_ELSA-2018-3221.NASL", "ORACLELINUX_ELSA-2018-4248.NASL", "ORACLELINUX_ELSA-2018-4249.NASL", "ORACLEVM_OVMSA-2019-0040.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "PALO_ALTO_PAN-SA-2018-0015.NASL", "PHOTONOS_PHSA-2018-1_0-0149.NASL", "PHOTONOS_PHSA-2018-1_0-0149_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0078.NASL", "PHOTONOS_PHSA-2018-2_0-0078_OPENSSL.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-2972.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3193.NASL", "REDHAT-RHSA-2017-3194.NASL", "REDHAT-RHSA-2017-3195.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2017-3476.NASL", "REDHAT-RHSA-2017-3477.NASL", "REDHAT-RHSA-2018-3221.NASL", "REDHAT-RHSA-2019-3932.NASL", "REDHAT-RHSA-2019-3933.NASL", "SECURITYCENTER_5_7_1_TNS_2018_12.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SLACKWARE_SSA_2018-226-01.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SL_20181030_OPENSSL_ON_SL7_X.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2017-2907-1.NASL", "SUSE_SU-2018-2486-1.NASL", "SUSE_SU-2018-2492-1.NASL", "SUSE_SU-2018-2683-1.NASL", "SUSE_SU-2018-2928-1.NASL", "SUSE_SU-2018-2928-2.NASL", "SUSE_SU-2018-2965-1.NASL", "SUSE_SU-2018-3864-1.NASL", "SUSE_SU-2019-0197-1.NASL", "SUSE_SU-2019-1553-1.NASL", "SUSE_SU-2021-3301-1.NASL", "UBUNTU_USN-3425-1.NASL", "UBUNTU_USN-3628-1.NASL", "UBUNTU_USN-3692-1.NASL", "VIRTUOZZO_VZLSA-2017-2972.NASL", "WEB_APPLICATION_SCANNING_98216", "WEB_APPLICATION_SCANNING_98564", "WEB_APPLICATION_SCANNING_98565", "WEB_APPLICATION_SCANNING_98566", "WEB_APPLICATION_SCANNING_98567", "WEB_APPLICATION_SCANNING_98568", "WEB_APPLICATION_SCANNING_98569", "WEB_APPLICATION_SCANNING_98570", "WEB_APPLICATION_SCANNING_98913"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2018-0737"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107358", "OPENVAS:1361412562310107444", "OPENVAS:1361412562310107838", "OPENVAS:1361412562310108252", "OPENVAS:1361412562310108438", "OPENVAS:1361412562310112048", "OPENVAS:1361412562310141028", "OPENVAS:1361412562310141029", "OPENVAS:1361412562310703748", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310704156", "OPENVAS:1361412562310704348", "OPENVAS:1361412562310704355", "OPENVAS:1361412562310812035", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310812583", "OPENVAS:1361412562310812584", "OPENVAS:1361412562310813153", "OPENVAS:1361412562310813154", "OPENVAS:1361412562310814523", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310843569", "OPENVAS:1361412562310843673", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851888", "OPENVAS:1361412562310851920", "OPENVAS:1361412562310852061", "OPENVAS:1361412562310852279", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874382", "OPENVAS:1361412562310874383", "OPENVAS:1361412562310874421", "OPENVAS:1361412562310874422", "OPENVAS:1361412562310874428", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310874456", "OPENVAS:1361412562310875095", "OPENVAS:1361412562310875133", "OPENVAS:1361412562310875500", "OPENVAS:1361412562310875534", "OPENVAS:1361412562310876320", "OPENVAS:1361412562310876431", "OPENVAS:1361412562310876840", "OPENVAS:1361412562310876846", "OPENVAS:1361412562310877283", "OPENVAS:1361412562310882784", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310891102", "OPENVAS:1361412562310891325", "OPENVAS:1361412562310891449", "OPENVAS:1361412562311220171252", "OPENVAS:1361412562311220171253", "OPENVAS:1361412562311220181214", "OPENVAS:1361412562311220181306", "OPENVAS:1361412562311220181383", "OPENVAS:1361412562311220181392", "OPENVAS:1361412562311220181420", "OPENVAS:1361412562311220191009", "OPENVAS:1361412562311220191084", "OPENVAS:1361412562311220191164", "OPENVAS:1361412562311220191201", "OPENVAS:1361412562311220191389", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191419", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191643", "OPENVAS:703748"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2018-3678067", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2882", "ELSA-2017-2972", "ELSA-2018-3221", "ELSA-2018-4248", "ELSA-2018-4249", "ELSA-2018-4253", "ELSA-2018-4254", "ELSA-2018-4267", "ELSA-2019-2471", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-1102-1", "OSV:DLA-1325-1", "OSV:DLA-1449-1", "OSV:DLA-766-1", "OSV:DSA-3748-1", "OSV:DSA-3980-1", "OSV:DSA-4156-1", "OSV:DSA-4348-1", "OSV:DSA-4355-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147181", "PACKETSTORM:147182", "PACKETSTORM:147247", "PACKETSTORM:147392"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2017-0077", "PHSA-2018-0078", "PHSA-2018-0149", "PHSA-2018-1.0-0149", "PHSA-2018-2.0-0078"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:22DFA98A7ED25A67B3D38EAAE5C82A9E", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4", "QUALYSBLOG:D57DEDE8164E21BF8EE0C81B50AAA328", "QUALYSBLOG:DEB92D82F8384860B06735A45F20B980"]}, {"type": "redhat", "idList": ["RHSA-2017:2882", "RHSA-2017:2972", "RHSA-2017:3018", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3193", "RHSA-2017:3194", "RHSA-2017:3195", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2017:3475", "RHSA-2017:3476", "RHSA-2017:3477", "RHSA-2018:3221", "RHSA-2018:3505", "RHSA-2019:3932", "RHSA-2019:3933", "RHSA-2019:3935"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-9798", "RH:CVE-2018-0737"]}, {"type": "saint", "idList": ["SAINT:17FB524069BA3CD18537B30C76190BF7", "SAINT:420D07B85504086850EFAA31B8BCAEB5", "SAINT:E218D6FA073276BB012BADF2CCE50F0E"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "seebug", "idList": ["SSV:96537", "SSV:97207"]}, {"type": "slackware", "idList": ["SSA-2017-261-01", "SSA-2018-226-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:2695-1", "OPENSUSE-SU-2018:2957-1", "OPENSUSE-SU-2018:3015-1", "OPENSUSE-SU-2019:0152-1", "OPENSUSE-SU-2021:3301-1"]}, {"type": "symantec", "idList": ["SMNTC-1457", "SMNTC-1462"]}, {"type": "talosblog", "idList": ["TALOSBLOG:3F14583676BF3FEC18226D8E465C8707", "TALOSBLOG:A09C50A444F2D7D6A5D4552C85316387"]}, {"type": "thn", "idList": ["THN:4DE731C9D113C3993C96A773C079023F", "THN:7FD924637D99697D78D53283817508DA", "THN:8D76D821D51DF9AAAAF1C9D1FA8CA0C5", "THN:8E5D44939B2B2FF0156F7FF2D4802857", "THN:B0F0C0035DAAFA1EC62F15464A80677E", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:F03064A70C65D9BD62A8F5898BA276D2", "THN:F8EDB5227B5DA0E4B49064C2972A193D"]}, {"type": "threatpost", "idList": ["THREATPOST:1A7A6E9FF0F2A41A6A83EBDE0038383C", "THREATPOST:20E3AA69A8819545B9E113C31E8452DD", "THREATPOST:26EF81FADB8E1A92908C782EBBDB8C88", "THREATPOST:3D545239C6AE58821904FBF3069CB365", "THREATPOST:4397A021D669D8AF15AA58DF915F8BB6", "THREATPOST:5633BBF7C54D598EB76A7B3781EFD2CB", "THREATPOST:88071AD0B76A2548D98F733D0DD3FE1A", "THREATPOST:8D6D4C10987CBF3434080EFF240D2E74", "THREATPOST:937A7A291D84404C800DF20ADBE20BC1", "THREATPOST:9530BF61FA72CF3E2B226C171BB8C5E7", "THREATPOST:E1CCA676B9815B84D887370ABFDEE020"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3425-1", "USN-3425-2", "USN-3628-1", "USN-3628-2", "USN-3692-1", "USN-3692-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9939", "UB:CVE-2017-9798", "UB:CVE-2018-0737", "UB:CVE-2018-7600"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:115E09DAC149F2CA9466BA7550E0A5FE"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573", "1337DAY-ID-30171", "1337DAY-ID-30199", "1337DAY-ID-30200", "1337DAY-ID-30268"]}]}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY27.ASC"]}, {"type": "amazon", "idList": ["ALAS-2017-896", "ALAS-2018-1000"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201709-15", "ASA-201804-1"]}, {"type": "attackerkb", "idList": ["AKB:3374FB55-2A44-4607-A9C5-265E7DE9B936", "AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "centos", "idList": ["CESA-2017:2882", "CESA-2017:2972", "CESA-2018:3221"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0774", "CPAI-2017-0896", "CPAI-2018-0192", "CPAI-2018-1697"]}, {"type": "cisco", "idList": ["CISCO-SA-20180521-CPUSIDECHANNEL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:B1BFB1BD3BA9A90D6CA66F05AB2DCBAE", "CFOUNDRY:BDB6F8275A06CC11A9EB2C43CBB82E42"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2016-9939", "CVE-2017-9798", "CVE-2018-0737", "CVE-2018-7600"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1102-1:7F277", "DEBIAN:DLA-1325-1:E895C", "DEBIAN:DLA-1449-1:EF247", "DEBIAN:DLA-766-1:18E2C", "DEBIAN:DSA-3748-1:CD0FB", "DEBIAN:DSA-3980-1:C7ED3", "DEBIAN:DSA-4156-1:C1814"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-9798"]}, {"type": "dsquare", "idList": ["E-638", "E-639"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745", "EDB-ID:44448", "EDB-ID:44449", "EDB-ID:44482"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:643750D6FF631053256ACECA930FF041"]}, {"type": "f5", "idList": ["F5:K22854260", "F5:K43429502", "F5:K70084351"]}, {"type": "fedora", "idList": ["FEDORA:092E9605F081", "FEDORA:17401605E206", "FEDORA:2C56E6076005", "FEDORA:45D79604B015", "FEDORA:4B26D6048172", "FEDORA:5C39A60311F1", "FEDORA:63AEC601CFBA", "FEDORA:7595560DCBCA", "FEDORA:8D9BA60468B9", "FEDORA:9DFEE60469B4", "FEDORA:9FC6E6070D50", "FEDORA:A9847604E850", "FEDORA:B56AC605DCD2", "FEDORA:C2CB46042D4E", "FEDORA:D89B16076A01"]}, {"type": "fireeye", "idList": ["FIREEYE:3CF3A3DF17A5FD20D5E05C24F6DBC54B"]}, {"type": "freebsd", "idList": ["76B085E2-9D33-11E7-9260-000C292EE6B8", "8F353420-4197-11E8-8777-B499BAEBFEAF", "A9E466E8-4144-11E8-A292-00E04C1EA73D"]}, {"type": "gentoo", "idList": ["GLSA-201710-32"]}, {"type": "githubexploit", "idList": ["0B0F940B-BBCE-52B1-8A3F-6FF63D7BDA4E", "B41082A1-4177-53E2-A74C-8ABA13AA3E86"]}, {"type": "hackerone", "idList": ["H1:269568"]}, {"type": "httpd", "idList": ["HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20181212-01-CACHE"]}, {"type": "ibm", "idList": ["59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4416FB86A8069C419B8EAC9DBF52A644", "IMPERVABLOG:A20D453136A0817CB6973C79EBE9F6D1"]}, {"type": "jvn", "idList": ["JVN:65268217"]}, {"type": "kitploit", "idList": ["KITPLOIT:5494076556436489947"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:8AB104C08F6A4BE34498DA02C120E924"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED", "MSF:EXPLOIT/UNIX/WEBAPP/DRUPAL_DRUPALGEDDON2"]}, {"type": "mozilla", "idList": ["MFSA2018-13"]}, {"type": "mskb", "idList": ["KB4013389"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-896.NASL", "ALA_ALAS-2018-1000.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DLA-1325.NASL", "DEBIAN_DLA-766.NASL", "DEBIAN_DSA-3748.NASL", "DEBIAN_DSA-3980.NASL", "DEBIAN_DSA-4156.NASL", "EULEROS_SA-2018-1214.NASL", "EULEROS_SA-2018-1306.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2018-02A38AF202.NASL", "FEDORA_2018-922CC2FBAA.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "FREEBSD_PKG_8F353420419711E88777B499BAEBFEAF.NASL", "FREEBSD_PKG_A9E466E8414411E8A29200E04C1EA73D.NASL", "GENTOO_GLSA-201710-32.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2018-1091.NASL", "OPENSUSE-2018-1110.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2019-152.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLELINUX_ELSA-2018-4248.NASL", "ORACLELINUX_ELSA-2018-4249.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2019_CPU.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2019.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "PHOTONOS_PHSA-2018-1_0-0149_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0078_OPENSSL.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-2972.NASL", "SECURITYCENTER_5_7_1_TNS_2018_12.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2018-2928-1.NASL", "SUSE_SU-2019-0197-1.NASL", "UBUNTU_USN-3425-1.NASL", "UBUNTU_USN-3628-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108252", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310704156", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310813153", "OPENVAS:1361412562310813154", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851920", "OPENVAS:1361412562310852279", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874382", "OPENVAS:1361412562310874383", "OPENVAS:1361412562310874421", "OPENVAS:1361412562310874422", "OPENVAS:1361412562310874428", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310874456", "OPENVAS:1361412562310875500", "OPENVAS:1361412562310875534", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310891325", "OPENVAS:703748"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2882", "ELSA-2017-2972", "ELSA-2018-4248", "ELSA-2018-4249", "ELSA-2018-4253", "ELSA-2018-4254"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147181", "PACKETSTORM:147182", "PACKETSTORM:147247", "PACKETSTORM:147392"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0149", "PHSA-2018-2.0-0078"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:D57DEDE8164E21BF8EE0C81B50AAA328"]}, {"type": "redhat", "idList": ["RHSA-2017:2882"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-0737"]}, {"type": "saint", "idList": ["SAINT:420D07B85504086850EFAA31B8BCAEB5", "SAINT:E218D6FA073276BB012BADF2CCE50F0E"]}, {"type": "securelist", "idList": ["SECURELIST:35644FF079836082B5B728F8E95F0EDD"]}, {"type": "seebug", "idList": ["SSV:96537", "SSV:97207"]}, {"type": "slackware", "idList": ["SSA-2017-261-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:2957-1", "OPENSUSE-SU-2018:3015-1", "OPENSUSE-SU-2019:0152-1"]}, {"type": "symantec", "idList": ["SMNTC-1457", "SMNTC-1462"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A09C50A444F2D7D6A5D4552C85316387"]}, {"type": "thn", "idList": ["THN:8D76D821D51DF9AAAAF1C9D1FA8CA0C5", "THN:8E5D44939B2B2FF0156F7FF2D4802857", "THN:B0F0C0035DAAFA1EC62F15464A80677E", "THN:F03064A70C65D9BD62A8F5898BA276D2", "THN:F8EDB5227B5DA0E4B49064C2972A193D"]}, {"type": "threatpost", "idList": ["THREATPOST:1A7A6E9FF0F2A41A6A83EBDE0038383C", "THREATPOST:26EF81FADB8E1A92908C782EBBDB8C88", "THREATPOST:3D545239C6AE58821904FBF3069CB365", "THREATPOST:5633BBF7C54D598EB76A7B3781EFD2CB", "THREATPOST:88071AD0B76A2548D98F733D0DD3FE1A", "THREATPOST:937A7A291D84404C800DF20ADBE20BC1", "THREATPOST:E1CCA676B9815B84D887370ABFDEE020"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3425-1", "USN-3425-2", "USN-3628-1", "USN-3628-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-0737", "UB:CVE-2018-7600"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:115E09DAC149F2CA9466BA7550E0A5FE"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573", "1337DAY-ID-30171", "1337DAY-ID-30199", "1337DAY-ID-30200", "1337DAY-ID-30268"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-9939", "epss": "0.004370000", "percentile": "0.707350000", "modified": "2023-03-14"}, {"cve": "CVE-2017-9798", "epss": "0.974640000", "percentile": "0.999170000", "modified": "2023-03-14"}, {"cve": "CVE-2018-0737", "epss": "0.005640000", "percentile": "0.743670000", "modified": "2023-03-14"}, {"cve": "CVE-2018-7600", "epss": "0.975790000", "percentile": "0.999980000", "modified": "2023-03-14"}], "vulnersScore": 2.0}, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "edition": 2, "scheme": null, "_state": {"dependencies": 1660004461, "score": 1659979568, "epss": 1678858970}, "_internal": {"score_hash": "690ceffd5e46388938749710dd0278ca"}}

{"nessus": [{"lastseen": "2023-01-11T14:56:29", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3301-1 advisory.\n\n - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. (CVE-2016-9939)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-07T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : libcryptopp (openSUSE-SU-2021:3301-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2021-10-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcryptopp-devel", "p-cpe:/a:novell:opensuse:libcryptopp5_6_5", "p-cpe:/a:novell:opensuse:libcryptopp5_6_5-32bit", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3301.NASL", "href": "https://www.tenable.com/plugins/nessus/153909", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3301-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153909);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2016-9939\");\n\n script_name(english:\"openSUSE 15 Security Update : libcryptopp (openSUSE-SU-2021:3301-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:3301-1 advisory.\n\n - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The\n library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough\n content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even\n if its unused. There is a noticeable delay during the wipe for a large allocation. (CVE-2016-9939)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1015243\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OT7AMKZYZG3NMSSJK4GVQCGFPLIGSKD5/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c77db7cb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-9939\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libcryptopp-devel, libcryptopp5_6_5 and / or libcryptopp5_6_5-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcryptopp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcryptopp5_6_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcryptopp5_6_5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libcryptopp-devel-5.6.5-1.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcryptopp5_6_5-32bit-5.6.5-1.6.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libcryptopp5_6_5-5.6.5-1.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcryptopp-devel / libcryptopp5_6_5 / libcryptopp5_6_5-32bit');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:51", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3301-1 advisory.\n\n - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. (CVE-2016-9939)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-07T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libcryptopp (SUSE-SU-2021:3301-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2021-10-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libcryptopp-devel", "p-cpe:/a:novell:suse_linux:libcryptopp5_6_5", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3301-1.NASL", "href": "https://www.tenable.com/plugins/nessus/153906", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3301-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153906);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2016-9939\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3301-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libcryptopp (SUSE-SU-2021:3301-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2021:3301-1 advisory.\n\n - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The\n library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough\n content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even\n if its unused. There is a noticeable delay during the wipe for a large allocation. (CVE-2016-9939)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1015243\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009547.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f63e9fea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-9939\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libcryptopp-devel and / or libcryptopp5_6_5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcryptopp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcryptopp5_6_5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libcryptopp-devel-5.6.5-1.6.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libcryptopp-devel-5.6.5-1.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libcryptopp5_6_5-5.6.5-1.6.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libcryptopp5_6_5-5.6.5-1.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libcryptopp-devel-5.6.5-1.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libcryptopp-devel-5.6.5-1.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libcryptopp5_6_5-5.6.5-1.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libcryptopp5_6_5-5.6.5-1.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcryptopp-devel / libcryptopp5_6_5');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:14:24", "description": "Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a C++ cryptographic library, contained a bug in several ASN.1 parsing routines. This would allow an attacker to remotely cause a denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 5.6.1-6+deb7u3.\n\nWe recommend that you upgrade your libcrypto++ packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-28T00:00:00", "type": "nessus", "title": "Debian DLA-766-1 : libcrypto++ security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9939"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto%2b%2b-dev", "p-cpe:/a:debian:debian_linux:libcrypto%2b%2b-doc", "p-cpe:/a:debian:debian_linux:libcrypto%2b%2b-utils", "p-cpe:/a:debian:debian_linux:libcrypto%2b%2b9", "p-cpe:/a:debian:debian_linux:libcrypto%2b%2b9-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-766.NASL", "href": "https://www.tenable.com/plugins/nessus/96155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-766-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96155);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9939\");\n\n script_name(english:\"Debian DLA-766-1 : libcrypto++ security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gergely Gábor Nagy from Tresorit discovered that libcrypto++, a\nC++ cryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n5.6.1-6+deb7u3.\n\nWe recommend that you upgrade your libcrypto++ packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libcrypto++\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto++-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto++-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto++-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto++9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto++9-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libcrypto++-dev\", reference:\"5.6.1-6+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcrypto++-doc\", reference:\"5.6.1-6+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcrypto++-utils\", reference:\"5.6.1-6+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcrypto++9\", reference:\"5.6.1-6+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcrypto++9-dbg\", reference:\"5.6.1-6+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:15:04", "description": "Gergely Gabor Nagy from Tresorit discovered that libcrypto++, a C++ cryptographic library, contained a bug in several ASN.1 parsing routines. This would allow an attacker to remotely cause a denial of service.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "Debian DSA-3748-1 : libcrypto++ - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9939"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto%2b%2b", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3748.NASL", "href": "https://www.tenable.com/plugins/nessus/96105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3748. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96105);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9939\");\n script_xref(name:\"DSA\", value:\"3748\");\n\n script_name(english:\"Debian DSA-3748-1 : libcrypto++ - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gergely Gabor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libcrypto++\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3748\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libcrypto++ packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.6.1-6+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto++\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto++-dev\", reference:\"5.6.1-6+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto++-doc\", reference:\"5.6.1-6+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto++-utils\", reference:\"5.6.1-6+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto++9\", reference:\"5.6.1-6+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto++9-dbg\", reference:\"5.6.1-6+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:41:48", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Debian DSA-3980-1 : apache2 - security update (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3980.NASL", "href": "https://www.tenable.com/plugins/nessus/103364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3980. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103364);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"DSA\", value:\"3980\");\n\n script_name(english:\"Debian DSA-3980-1 : apache2 - security update (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"apache2\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-bin\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-data\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dbg\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dev\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-doc\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-event\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-itk\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-worker\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-utils\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-bin\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-common\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-macro\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-proxy-html\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-bin\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-data\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dbg\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dev\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-doc\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-ssl-dev\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-utils\", reference:\"2.4.25-3+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103804", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2882. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103804);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2882\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:16", "description": "This update for apache2 fixes one issues. This security issue was fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103833);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes one issues. This security issue was\nfixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172718-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3bb4ad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1682=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1682=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1682=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debugsource-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-example-pages-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-debuginfo-2.4.16-20.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T15:04:05", "description": "This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-FDD3A98E8F.NASL", "href": "https://www.tenable.com/plugins/nessus/106018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fdd3a98e8f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106018);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"FEDORA\", value:\"2017-fdd3a98e8f\");\n\n script_name(english:\"Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a release fixing a security fix applied upstream, known as\n'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why\nwouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fdd3a98e8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"httpd-2.4.27-8.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:17", "description": "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/104278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104278);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the httpd packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97163687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h5\",\n \"httpd-devel-2.4.6-45.0.1.4.h5\",\n \"httpd-manual-2.4.6-45.0.1.4.h5\",\n \"httpd-tools-2.4.6-45.0.1.4.h5\",\n \"mod_ssl-2.4.6-45.0.1.4.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:22", "description": "Hanno Bock discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3425-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3425-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103356);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"USN\", value:\"3425-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Hanno Bock discovered that the Apache HTTP Server incorrectly handled\nLimit directives in .htaccess files. In certain configurations, a\nremote attacker could possibly use this issue to read arbitrary server\nmemory, including sensitive information. This issue is known as\nOptionsbleed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3425-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2-bin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.7-1ubuntu4.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.25-3ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-bin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:31", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Debian DLA-1102-1 : apache2 security update (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1102.NASL", "href": "https://www.tenable.com/plugins/nessus/103389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1102-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103389);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"Debian DLA-1102-1 : apache2 security update (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"apache2\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-dbg\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-doc\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-utils\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-bin\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-common\", reference:\"2.2.22-13+deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:31", "description": "This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/103399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1083.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103399);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)\");\n script_summary(english:\"Check for the openSUSE-2017-1083 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debugsource-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-devel-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-example-pages-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debugsource-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-devel-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-example-pages-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-debuginfo-2.4.23-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:58", "description": "This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2542-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2542-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103413);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172542-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e60e3183\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1572=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1572=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1572=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1572=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1572=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debugsource-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-example-pages-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debugsource-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-example-pages-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-debuginfo-2.4.23-29.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:45", "description": "This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-25T00:00:00", "type": "nessus", "title": "Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-A52F252521.NASL", "href": "https://www.tenable.com/plugins/nessus/103438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a52f252521.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103438);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"FEDORA\", value:\"2017-a52f252521\");\n\n script_name(english:\"Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a release fixing a security fix applied upstream, known as\n'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why\nwouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a52f252521\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"httpd-2.4.27-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:37", "description": "Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171011_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103806);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled\n invalid and previously unregistered HTTP methods\n specified in the Limit directive used in an .htaccess\n file. A remote attacker could possibly use this flaw to\n disclose portions of the server memory, or cause httpd\n child process to crash. (CVE-2017-9798)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=9988\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e195877f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"httpd-manual-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7_4.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-30T14:45:02", "description": "From Red Hat Security Advisory 2017:2882 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2882 and \n# Oracle Linux Security Advisory ELSA-2017-2882 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103803);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2882 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007263.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.0.1.el7_4.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:31", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2882 and \n# CentOS Errata and Security Advisory 2017:2882 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103790);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e97394\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.centos.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:45", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-261-01.NASL", "href": "https://www.tenable.com/plugins/nessus/103306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-261-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103306);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"SSA\", value:\"2017-261-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.551634\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf69bb8a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i586\", pkgnum:\"2_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i586\", pkgnum:\"3\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:22", "description": "The Fuzzing Project reports :\n\nApache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache22", "p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "href": "https://www.tenable.com/plugins/nessus/103344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103344);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Fuzzing Project reports :\n\nApache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file,\nor if httpd.conf has certain misconfigurations, aka Optionsbleed. This\naffects the Apache HTTP Server through 2.2.34 and 2.4.x through\n2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request\nwhen attempting to read secret data. This is a use-after-free issue\nand thus secret data is not always sent, and the specific data depends\non many factors including configuration. Exploitation with .htaccess\ncan be blocked with a patch to the ap_limit_section function in\nserver/core.c.\"\n );\n # https://vuxml.freebsd.org/freebsd/76b085e2-9d33-11e7-9260-000c292ee6b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a9655b5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.27_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22<2.2.34_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-23T14:56:26", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the <Limit {method}> directive in an .htaccess file.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98913", "href": "https://www.tenable.com/plugins/was/98913", "sourceData": "No source data", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:30", "description": "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1252.NASL", "href": "https://www.tenable.com/plugins/nessus/104277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104277);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the httpd packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1252\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d09c3870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h8\",\n \"httpd-devel-2.4.6-45.0.1.4.h8\",\n \"httpd-manual-2.4.6-45.0.1.4.h8\",\n \"httpd-tools-2.4.6-45.0.1.4.h8\",\n \"mod_ssl-2.4.6-45.0.1.4.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:58", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-896.NASL", "href": "https://www.tenable.com/plugins/nessus/103309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-896.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103309);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"ALAS\", value:\"2017-896\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file,\nor if httpd.conf has certain misconfigurations, aka Optionsbleed. The\nattacker sends an unauthenticated OPTIONS HTTP request when attempting\nto read secret data. This is a use-after-free issue and thus secret\ndata is not always sent, and the specific data depends on many factors\nincluding configuration.(CVE-2017-9798)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-896.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update httpd24' to update your system.\n\nRun 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.34-1.15.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:37", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the <Limit {method}> directive in an .htaccess file.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:http_server", "cpe:/a:apache:httpd"], "id": "APACHE_2_4_28.NASL", "href": "https://www.tenable.com/plugins/nessus/103838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103838);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n\n script_name(english:\"Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP\nvulnerability related to the <Limit {method}> directive in an \n.htaccess file.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.4.28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.28 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { \"min_version\" : \"2.4\", \"fixed_version\" : \"2.4.28\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-17T15:05:00", "description": "The version of Drupal installed on the remote server is 8.5.x prior to 8.5.1, and is affected by a flaw in the 'preHandle()' function in 'core/lib/Drupal/Core/DrupalKernel.php' that is triggered as certain parameter keys within HTTP requests are not properly sanitized. This may allow a remote attacker to execute arbitrary code. This issue may be exploited using multiple unspecified attack vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Drupal 8.5.x < 8.5.1 RCE", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "700230.PRM", "href": "https://www.tenable.com/plugins/nnm/700230", "sourceData": "Binary data 700230.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T15:05:00", "description": "The version of Drupal installed on the remote server is 8.4.x prior to 8.4.6, and is affected by a flaw in the 'preHandle()' function in 'core/lib/Drupal/Core/DrupalKernel.php' that is triggered as certain parameter keys within HTTP requests are not properly sanitized. This may allow a remote attacker to execute arbitrary code. This issue may be exploited using multiple unspecified attack vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Drupal 8.4.x < 8.4.6 RCE", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "700229.PRM", "href": "https://www.tenable.com/plugins/nnm/700229", "sourceData": "Binary data 700229.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:32", "description": "Drupal Security Team reports :\n\nCVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-16T00:00:00", "type": "nessus", "title": "FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (a9e466e8-4144-11e8-a292-00e04c1ea73d) (Drupalgeddon 2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:drupal7", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A9E466E8414411E8A29200E04C1EA73D.NASL", "href": "https://www.tenable.com/plugins/nessus/109055", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109055);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-7600\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (a9e466e8-4144-11e8-a292-00e04c1ea73d) (Drupalgeddon 2)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Drupal Security Team reports :\n\nCVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before\n8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute\narbitrary code because of an issue affecting multiple subsystems with\ndefault or common module configurations.\"\n );\n # https://vuxml.freebsd.org/freebsd/a9e466e8-4144-11e8-a292-00e04c1ea73d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ffa708c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Drupal 8 SA-CORE-2018-002 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Drupal Drupalgeddon 2 Forms API Property Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"drupal7<7.57\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:43:23", "description": "Jasper Mattsson found a remote code execution vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.\n\nFor further information please refer to the official upstream advisory at https://www.drupal.org/sa-core-2018-002.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.14-2+deb7u18.\n\nWe recommend that you upgrade your drupal7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Debian DLA-1325-1 : drupal7 security update (Drupalgeddon 2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:drupal7", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1325.NASL", "href": "https://www.tenable.com/plugins/nessus/108695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1325-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108695);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-7600\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Debian DLA-1325-1 : drupal7 security update (Drupalgeddon 2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Jasper Mattsson found a remote code execution vulnerability in the\nDrupal content management system. This potentially allows attackers to\nexploit multiple attack vectors on a Drupal site, which could result\nin the site being completely compromised.\n\nFor further information please refer to the official upstream advisory\nat https://www.drupal.org/sa-core-2018-002.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.14-2+deb7u18.\n\nWe recommend that you upgrade your drupal7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/drupal7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/sa-core-2018-002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected drupal7 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Drupal 7 SA-CORE-2018-002 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Drupal Drupalgeddon 2 Forms API Property Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"drupal7\", reference:\"7.14-2+deb7u18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:42:31", "description": "A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Debian DSA-4156-1 : drupal7 - security update (Drupalgeddon 2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:drupal7", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4156.NASL", "href": "https://www.tenable.com/plugins/nessus/108698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4156. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108698);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-7600\");\n script_xref(name:\"DSA\", value:\"4156\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Debian DSA-4156-1 : drupal7 - security update (Drupalgeddon 2)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A remote code execution vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional\ninformation, please refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2018-002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.drupal.org/sa-core-2018-002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/drupal7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4156\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the drupal7 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.32-1+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Drupal 8 SA-CORE-2018-002 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Drupal Drupalgeddon 2 Forms API Property Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"drupal7\", reference:\"7.32-1+deb8u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"drupal7\", reference:\"7.52-2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:34", "description": "A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.\n\nNote: This has been detected using an active check and should be remediated immediately.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-22T00:00:00", "type": "nessus", "title": "Drupal < 7.58 / 8.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1 Remote Code Execution", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2021-09-07T00:00:00", "cpe": [], "id": "WEB_APPLICATION_SCANNING_98216", "href": "https://www.tenable.com/plugins/was/98216", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T15:05:00", "description": "The version of Drupal installed on the remote server is 7.x prior to 7.58, and is affected by a flaw in the 'preHandle()' function in 'core/lib/Drupal/Core/DrupalKernel.php' that is triggered as certain parameter keys within HTTP requests are not properly sanitized. This may allow a remote attacker to execute arbitrary code. This issue may be exploited using multiple unspecified attack vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Drupal 7.x < 7.58 RCE", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "700224.PRM", "href": "https://www.tenable.com/plugins/nnm/700224", "sourceData": "Binary data 700224.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:51", "description": "According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.58, 8.3.x prior to 8.3.9, 8.4.x prior to 8.4.6, or 8.5.x prior to 8.5.1. It is, therefore, affected by a remote code execution vulnerability.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-28T00:00:00", "type": "nessus", "title": "Drupal 7.x < 7.58 / 8.3.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1 Remote Code Execution Vulnerability (SA-CORE-2018-002)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "DRUPAL_8_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/108688", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108688);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2018-7600\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Drupal 7.x < 7.58 / 8.3.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1 Remote Code Execution Vulnerability (SA-CORE-2018-002)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PHP application running on the remote web server is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the instance of Drupal running\non the remote web server is 7.x prior to 7.58, 8.3.x prior to 8.3.9,\n8.4.x prior to 8.4.6, or 8.5.x prior to 8.5.1. It is, therefore,\naffected by a remote code execution vulnerability.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/SA-CORE-2018-002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/7.58\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/8.3.9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/8.4.6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.drupal.org/project/drupal/releases/8.5.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Drupal version 7.58 / 8.3.9 / 8.4.6 / 8.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Drupal 8 SA-CORE-2018-002 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Drupal Drupalgeddon 2 Forms API Property Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/28\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:drupal:drupal\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"drupal_detect.nasl\");\n script_require_keys(\"installed_sw/Drupal\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:\"Drupal\", port:port, webapp:true);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { \"min_version\" : \"7.0\", \"max_version\" : \"7.57\", \"fixed_version\" : \"7.58\" },\n { \"min_version\" : \"8.3.0\", \"max_version\" : \"8.3.8\", \"fixed_version\" : \"8.3.9\" },\n { \"min_version\" : \"8.4.0\", \"max_version\" : \"8.4.5\", \"fixed_version\" : \"8.4.6\" },\n { \"min_version\" : \"8.5.0\", \"max_version\" : \"8.5.0\", \"fixed_version\" : \"8.5.1\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:19", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 8.4.x < 8.4.6 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98565", "href": "https://www.tenable.com/plugins/was/98565", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:30", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 8.5.x < 8.5.1 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98564", "href": "https://www.tenable.com/plugins/was/98564", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:31", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 8.2.x < 8.5.1 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98567", "href": "https://www.tenable.com/plugins/was/98567", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:45", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 8.3.x < 8.3.9 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98566", "href": "https://www.tenable.com/plugins/was/98566", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:35", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 8.1.x < 8.5.1 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98568", "href": "https://www.tenable.com/plugins/was/98568", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T15:05:00", "description": "The version of Drupal installed on the remote server is 8.x prior to 8.3.9, and is affected by a flaw in the 'preHandle()' function in 'core/lib/Drupal/Core/DrupalKernel.php' that is triggered as certain parameter keys within HTTP requests are not properly sanitized. This may allow a remote attacker to execute arbitrary code. This issue may be exploited using multiple unspecified attack vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Drupal 8.x < 8.3.9 RCE", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "700228.PRM", "href": "https://www.tenable.com/plugins/nnm/700228", "sourceData": "Binary data 700228.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T16:43:38", "description": "The Drupal CMS installed on the remote host is affected by a remote command execution vulnerability. A remote, unauthenticated attacker can leverage this issue to execute arbitrary commands on the remote host.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-13T00:00:00", "type": "nessus", "title": "Drupal Remote Code Execution Vulnerability (SA-CORE-2018-002) (exploit)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/a:drupal:drupal"], "id": "DRUPAL_CVE-2018-7600_RCE.NBIN", "href": "https://www.tenable.com/plugins/nessus/109041", "sourceData": "Binary data drupal_CVE-2018-7600_rce.nbin", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:26", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 8.0.x < 8.5.1 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98569", "href": "https://www.tenable.com/plugins/was/98569", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T15:03:46", "description": "According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Drupal 7.x < 7.58 Remote Code Execution Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98570", "href": "https://www.tenable.com/plugins/was/98570", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:40", "description": "The OpenSSL project reports :\n\nThe OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-17T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- Cache timing vulnerability (8f353420-4197-11e8-8777-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssl", "p-cpe:/a:freebsd:freebsd:openssl-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8F353420419711E88777B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/109066", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109066);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"FreeBSD : OpenSSL -- Cache timing vulnerability (8f353420-4197-11e8-8777-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL project reports :\n\nThe OpenSSL RSA Key generation algorithm has been shown to be\nvulnerable to a cache timing side channel attack. An attacker with\nsufficient access to mount cache timing attacks during the RSA key\ngeneration process could recover the private key.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20180416.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/8f353420-4197-11e8-8777-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4f11f3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2o_2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl-devel<1.1.0h_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:47:30", "description": "The version of OpenSSL installed on the remote AIX host is affected by a side channel attack information disclosure vulnerability.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-26T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory27.asc", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-09-17T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY27.NASL", "href": "https://www.tenable.com/plugins/nessus/111354", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111354);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/09/17 21:46:52\");\n\n script_cve_id(\"CVE-2018-0737\");\n script_bugtraq_id(103766);\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory27.asc\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\na side channel attack information disclosure vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory27.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_OS_NOT, \"AIX\");\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = oslevel - \"AIX-\";\n\nif ( oslevel != \"5.3\" && oslevel != \"6.1\" && oslevel != \"7.1\" && oslevel != \"7.2\")\n{\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", \"AIX \" + oslevel);\n}\n\nflag = 0;\npackage = \"openssl.base\";\n\n# 1.0.2.1500\nif (aix_check_package(release:\"5.3\", package:package, minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.1300\", fixpackagever:\"1.0.2.1500\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:package, minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.1300\", fixpackagever:\"1.0.2.1500\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:package, minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.1300\", fixpackagever:\"1.0.2.1500\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:package, minpackagever:\"1.0.2.500\", maxpackagever:\"1.0.2.1300\", fixpackagever:\"1.0.2.1500\") > 0) flag++;\n\n# 20.13.102.1500\nif (aix_check_package(release:\"5.3\", package:package, minpackagever:\"20.13.102.1000\", maxpackagever:\"20.13.102.1300\", fixpackagever:\"20.13.102.1500\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:package, minpackagever:\"20.13.102.1000\", maxpackagever:\"20.13.102.1300\", fixpackagever:\"20.13.102.1500\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:package, minpackagever:\"20.13.102.1000\", maxpackagever:\"20.13.102.1300\", fixpackagever:\"20.13.102.1500\") > 0) flag++;\nif (aix_check_package(release:\"7.2\", package:package, minpackagever:\"20.13.102.1000\", maxpackagever:\"20.13.102.1300\", fixpackagever:\"20.13.102.1500\") > 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, package);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:48:45", "description": "An update of 'openssl' packages of Photon OS has been released.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Openssl PHSA-2018-2.0-0078 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0078.NASL", "href": "https://www.tenable.com/plugins/nessus/111962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0078. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111962);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:51\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"Photon OS 2.0: Openssl PHSA-2018-2.0-0078 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'openssl' packages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e65c000d\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"openssl-1.0.2o-2.ph2\",\n \"openssl-debuginfo-1.0.2o-2.ph2\",\n \"openssl-devel-1.0.2o-2.ph2\",\n \"openssl-perl-1.0.2o-2.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:50:37", "description": "This update for openssl fixes the following issues :\n\nThese security issues were fixed :\n\nPrevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)\n\nCVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl (SUSE-SU-2018:2928-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2022-02-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2928-2.NASL", "href": "https://www.tenable.com/plugins/nessus/118296", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2928-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118296);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/04\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl (SUSE-SU-2018:2928-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues :\n\nThese security issues were fixed :\n\nPrevent One&Done side-channel attack on RSA that allowed physically\nnear attackers to use EM emanations to recover information\n(bsc#1104789)\n\nCVE-2018-0737: The RSA Key generation algorithm has been shown to be\nvulnerable to a cache timing side channel attack. An attacker with\nsufficient access to mount cache timing attacks during the RSA key\ngeneration process could have recovered the private key (bsc#1089039)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0737/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182928-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?496c3ed2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-2069=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:49:22", "description": "This update for openssl fixes the following issues :\n\nThese security issues were fixed :\n\nPrevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)\n\nCVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-01T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:2928-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2022-02-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2928-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2928-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117858);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/17\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:2928-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues :\n\nThese security issues were fixed :\n\nPrevent One&Done side-channel attack on RSA that allowed physically\nnear attackers to use EM emanations to recover information\n(bsc#1104789)\n\nCVE-2018-0737: The RSA Key generation algorithm has been shown to be\nvulnerable to a cache timing side channel attack. An attacker with\nsufficient access to mount cache timing attacks during the RSA key\ngeneration process could have recovered the private key (bsc#1089039)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0737/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182928-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d6e775f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-2069=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2069=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2069=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2069=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2069=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2069=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2069=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl-devel-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debugsource-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl-devel-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debugsource-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.39.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:49:40", "description": "This update for openssl fixes the following issues :\n\nThese security issues were fixed :\n\n - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789)\n\n - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)\n\nThese non-security issues were fixed :\n\n - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470)\n\n - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-10-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2018-1091)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-cavs", "p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1091.NASL", "href": "https://www.tenable.com/plugins/nessus/117857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1091.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117857);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2018-1091)\");\n script_summary(english:\"Check for the openSUSE-2018-1091 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nThese security issues were fixed :\n\n - Prevent One&Done side-channel attack on RSA that allowed\n physically near attackers to use EM emanations to\n recover information (bsc#1104789)\n\n - CVE-2018-0737: The RSA Key generation algorithm has been\n shown to be vulnerable to a cache timing side channel\n attack. An attacker with sufficient access to mount\n cache timing attacks during the RSA key generation\n process could have recovered the private key\n (bsc#1089039)\n\nThese non-security issues were fixed :\n\n - Add openssl(cli) Provide so the packages that require\n the openssl binary can require this instead of the new\n openssl meta package (bsc#1101470)\n\n - Fixed path to the engines which are under /lib64 on\n SLE-12 (bsc#1101246, bsc#997043)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997043\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl-devel-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-debuginfo-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debuginfo-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debugsource-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:45:27", "description": "RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys :\n\nOpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2018-1000)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1000.NASL", "href": "https://www.tenable.com/plugins/nessus/109182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1000.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109182);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2018-0737\");\n script_xref(name:\"ALAS\", value:\"2018-1000\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2018-1000)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c\nallows attackers to recover private keys :\n\nOpenSSL RSA key generation was found to be vulnerable to cache\nside-channel attacks. An attacker with sufficient access to mount\ncache timing attacks during the RSA key generation process could\nrecover parts of the private key. (CVE-2018-0737)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.2k-8.107.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.2k-8.107.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.2k-8.107.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.2k-8.107.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.2k-8.107.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:48:48", "description": "An update of the openssl package has been released.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Openssl PHSA-2018-2.0-0078", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0078_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/121975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0078. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121975);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"Photon OS 2.0: Openssl PHSA-2018-2.0-0078\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-78.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openssl-1.0.2o-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openssl-debuginfo-1.0.2o-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openssl-devel-1.0.2o-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"openssl-perl-1.0.2o-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:49:10", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n\n - Fix FIPS RSA generator (bsc#1118913)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl-1_1 (openSUSE-2019-152)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-1_1-devel", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl-1_1", "p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo", "p-cpe:/a:novell:opensuse:openssl-1_1-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-152.NASL", "href": "https://www.tenable.com/plugins/nessus/122088", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-152.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122088);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_1 (openSUSE-2019-152)\");\n script_summary(english:\"Check for the openSUSE-2019-152 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on\n TLS Implementations (bsc#1117951)\n\n - Fix FIPS RSA generator (bsc#1118913)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118913\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-1_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl-1_1-devel-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-hmac-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debuginfo-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debugsource-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-lp150.3.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-lp150.3.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:48:25", "description": "An update of the openssl package has been released.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Openssl PHSA-2018-1.0-0149", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0149_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/121848", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0149. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121848);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"Photon OS 1.0: Openssl PHSA-2018-1.0-0149\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-149.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2o-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2o-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2o-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2o-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:47:49", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\nThe 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)\n\nFix FIPS RSA generator (bsc#1118913)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-30T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:0197-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0197-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0197-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121467);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/20\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:0197-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\nThe 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS\nImplementations (bsc#1117951)\n\nFix FIPS RSA generator (bsc#1118913)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0737/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190197-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e0b1a64\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-197=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-197=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl-1_1-devel-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-hmac-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-debugsource-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl-1_1-devel-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-hmac-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.18.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-debugsource-1.1.0i-4.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:48:41", "description": "This update for openssl fixes the following security issue :\n\n - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-24T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssl (SUSE-SU-2018:2486-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2486-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2486-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112108);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssl (SUSE-SU-2018:2486-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following security issue :\n\n - CVE-2018-0737: The RSA Key generation algorithm has been\n shown to be vulnerable to a cache timing side channel\n attack. An attacker with sufficient access to mount\n cache timing attacks during the RSA key generation\n process could have recovered the private key\n (bsc#1089039)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0737/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182486-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?245f4f46\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3:zypper in -t patch slestso13-openssl-13750=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-openssl-13750=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-openssl-13750=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-openssl-13750=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-0.9.8j-0.106.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-doc-0.9.8j-0.106.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:49:16", "description": "This update for openssl fixes the following security issue :\n\n - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl (SUSE-SU-2018:2492-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2492-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112145", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2492-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112145);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl (SUSE-SU-2018:2492-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following security issue :\n\n - CVE-2018-0737: The RSA Key generation algorithm has been\n shown to be vulnerable to a cache timing side channel\n attack. An attacker with sufficient access to mount\n cache timing attacks during the RSA key generation\n process could have recovered the private key\n (bsc#1089039).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0737/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182492-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7f4be90\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1752=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1752=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-54.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-54.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:52:14", "description": "According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.i1/4^CVE-2018-0737i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-21T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : openssl (EulerOS-SA-2018-1383)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2021-04-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1383.NASL", "href": "https://www.tenable.com/plugins/nessus/119074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119074);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/08\");\n\n script_cve_id(\n \"CVE-2018-0737\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : openssl (EulerOS-SA-2018-1383)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - OpenSSL RSA key generation was found to be vulnerable\n to cache side-channel attacks. An attacker with\n sufficient access to mount cache timing attacks during\n the RSA key generation process could recover parts of\n the private key.i1/4^CVE-2018-0737i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1383\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5db9b5cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.1e-60.1.h3\",\n \"openssl-devel-1.0.1e-60.1.h3\",\n \"openssl-libs-1.0.1e-60.1.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-02-09T14:23:34", "description": "Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-30T21:59:00", "type": "cve", "title": "CVE-2016-9939", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2019-06-01T06:29:00", "cpe": ["cpe:/a:cryptopp:crypto\\+\\+:5.6.4", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2016-9939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9939", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:cryptopp:crypto\\+\\+:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:18:26", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T15:29:00", "type": "cve", "title": "CVE-2017-9798", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-06-06T11:15:00", "cpe": ["cpe:/a:apache:http_server:2.4.18", "cpe:/a:apache:http_server:2.4.7", "cpe:/a:apache:http_server:2.4.17", "cpe:/a:apache:http_server:2.4.23", "cpe:/a:apache:http_server:2.4.3", "cpe:/a:apache:http_server:2.4.1", "cpe:/a:apache:http_server:2.4.10", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:apache:http_server:2.4.2", "cpe:/a:apache:http_server:2.4.26", "cpe:/a:apache:http_server:2.4.16", "cpe:/a:apache:http_server:2.4.12", "cpe:/a:apache:http_server:2.4.9", "cpe:/a:apache:http_server:2.4.0", "cpe:/a:apache:http_server:2.4.20", "cpe:/a:apache:http_server:2.4.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:apache:http_server:2.4.25", "cpe:/a:apache:http_server:2.2.34", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:apache:http_server:2.4.4", "cpe:/a:apache:http_server:2.4.27"], "id": "CVE-2017-9798", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:31:33", "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T07:29:00", "type": "cve", "title": "CVE-2018-7600", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2019-03-01T18:04:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:drupal:drupal:7.57"], "id": "CVE-2018-7600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7600", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:drupal:drupal:7.57:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:00:46", "description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-16T18:29:00", "type": "cve", "title": "CVE-2018-0737", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2021-07-20T23:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:openssl:openssl:1.0.2o", "cpe:/a:openssl:openssl:1.1.0h"], "id": "CVE-2018-0737", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0737", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0h:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:54:23", "description": "Gergely Gabor Nagy from Tresorit\ndiscovered that libcrypto++, a C++ cryptographic library, contained a bug in\nseveral ASN.1 parsing routines. This would allow an attacker to remotely cause a\ndenial of service.", "cvss3": {}, "published": "2016-12-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3748-1 (libcrypto++ - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9939"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703748", "href": "http://plugins.openvas.org/nasl.php?oid=703748", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3748.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3748-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703748);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-9939\");\n script_name(\"Debian Security Advisory DSA 3748-1 (libcrypto++ - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-26 00:00:00 +0100 (Mon, 26 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3748.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libcrypto++ on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 5.6.1-6+deb8u3.\n\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.6.4-5.\n\nWe recommend that you upgrade your libcrypto++ packages.\");\n script_tag(name: \"summary\", value: \"Gergely Gabor Nagy from Tresorit\ndiscovered that libcrypto++, a C++ cryptographic library, contained a bug in\nseveral ASN.1 parsing routines. This would allow an attacker to remotely cause a\ndenial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcrypto++-dev\", ver:\"5.6.1-6+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++-doc\", ver:\"5.6.1-6+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++-utils\", ver:\"5.6.1-6+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++9\", ver:\"5.6.1-6+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++9-dbg\", ver:\"5.6.1-6+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++-dev\", ver:\"5.6.4-5\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++-doc\", ver:\"5.6.4-5\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++-utils\", ver:\"5.6.4-5\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++6\", ver:\"5.6.4-5\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto++6-dbg\", ver:\"5.6.4-5\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:04", "description": "Gergely Gabor Nagy from Tresorit\ndiscovered that libcrypto++, a C++ cryptographic library, contained a bug in\nseveral ASN.1 parsing routines. This would allow an attacker to remotely cause a\ndenial of service.", "cvss3": {}, "published": "2016-12-26T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3748-1 (libcrypto++ - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9939"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703748", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3748.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3748-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703748\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-9939\");\n script_name(\"Debian Security Advisory DSA 3748-1 (libcrypto++ - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-26 00:00:00 +0100 (Mon, 26 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3748.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"libcrypto++ on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 5.6.1-6+deb8u3.\n\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.6.4-5.\n\nWe recommend that you upgrade your libcrypto++ packages.\");\n script_tag(name:\"summary\", value:\"Gergely Gabor Nagy from Tresorit\ndiscovered that libcrypto++, a C++ cryptographic library, contained a bug in\nseveral ASN.1 parsing routines. This would allow an attacker to remotely cause a\ndenial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto++-dev\", ver:\"5.6.1-6+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++-doc\", ver:\"5.6.1-6+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++-utils\", ver:\"5.6.1-6+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++9\", ver:\"5.6.1-6+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++9-dbg\", ver:\"5.6.1-6+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++-dev\", ver:\"5.6.4-5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++-doc\", ver:\"5.6.4-5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++-utils\", ver:\"5.6.4-5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++6\", ver:\"5.6.4-5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto++6-dbg\", ver:\"5.6.4-5\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:32", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3980-1 (apache2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703980", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703980", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3980.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3980-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703980\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-9798\");\n script_name(\"Debian Security Advisory DSA 3980-1 (apache2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 00:00:00 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3980.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\n\nWe recommend that you upgrade your apache2 packages.\");\n script_tag(name:\"summary\", value:\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-ssl-dev\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-macro\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-proxy-html\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-28T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2017-a52f252521", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873446", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873446", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_a52f252521_httpd_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for httpd FEDORA-2017-a52f252521\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873446\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:14:48 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2017-a52f252521\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-a52f252521\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4JEOCEFPTVRSQESLYQKPEEKR3XN7LBV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.27~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:09:29", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for apache2 (DLA-1102-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891102", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891102\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_name(\"Debian LTS: Security Advisory for apache2 (DLA-1102-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\");\n\n script_tag(name:\"summary\", value:\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:26", "description": "Check the version of httpd", "cvss3": {}, "published": "2017-10-12T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2017:2882 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2882_httpd_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for httpd CESA-2017:2882 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882784\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:25:42 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for httpd CESA-2017:2882 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of httpd\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache\nHTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2882\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022565.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ldap\", rpm:\"mod_ldap~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_proxy_html\", rpm:\"mod_proxy_html~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-12T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2017:2882-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2882-01_httpd.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for httpd RHSA-2017:2882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812035\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:24:50 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2017:2882-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bck for reporting this issue.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2882-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171253", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1253\");\n script_version(\"2020-01-23T11:01:28+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1253)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1253\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1253\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2017-1253 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1252)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171252", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1252\");\n script_version(\"2020-01-23T11:01:27+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1252)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1252\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1252\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2017-1252 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-08T18:58:25", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310112048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112048\");\n script_version(\"2020-05-06T12:58:00+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 12:58:00 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:35 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"This script checks for a corrupted Allow header that is being\n constructed in response to HTTP OPTIONS requests.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nget_app_location(cpe:CPE, port:port, nofork:TRUE); # To have a reference to the Detection-NVT\n\nuseragent = http_get_user_agent();\nhost = http_host_name(port:port);\n\n#TODO: Once this vulnerability got older we might want to consider to limit the amounts of directories to check here\nforeach dir(make_list_unique(\"/\", http_cgi_dirs(port:port)))\n{\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/\";\n\n req = 'OPTIONS ' + url + ' HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Connection: Close\\r\\n\\r\\n';\n\n for(i = 0; i <= 100; i++)\n {\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n if(res =~ \"^HTTP/1\\.[01] 405\" ) break; # We don't need to continue in this inner loop if the OPTIONS method is disabled.\n if(allow = egrep(string:res, pattern:\"^Allow: .*\" ))\n {\n # Examples:\n # Allow: POST,OPTIONS,,HEAD,:09:44 GMT\n # Allow: ,GET,HEAD,POST,OPTIONS\n # Allow: HEAD,,HEAD,POST,,HEAD,TRACE\n # Allow: POST,OPTIONS,GET,HEAD,,HEAD,write.c>\n if(vuln = eregmatch(pattern:\"(\\,{2,}|\\,\\W+\\,|^\\w+\\:[\\s]{0,}\\,|\\d)\", string:allow))\n {\n report = \"The remote service might leak data/memory via the 'Allow' header.\";\n report += '\\n\\nRequest:\\n' + req + '\\nResponse:\\n' + res;\n security_message(port:port, data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-3425-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3425_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for apache2 USN-3425-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843313\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 11:45:15 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for apache2 USN-3425-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Hanno Bck discovered that the Apache HTTP\n Server incorrectly handled Limit directives in .htaccess files. In certain\n configurations, a remote attacker could possibly use this issue to read\n arbitrary server memory, including sensitive information. This issue is known as\n Optionsbleed.\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3425-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3425-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.7-1ubuntu4.18\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3ubuntu2.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:51", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "cvss3": {}, "published": "2017-10-11T00:00:00", "type": "openvas", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310108252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108252", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_optionsbleed_version.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108252\");\n script_version(\"$Revision: 11983 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-11 10:53:35 +0200 (Wed, 11 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less_equal( version:vers, test_version:\"2.2.34\" ) ) {\n vuln = TRUE;\n fix = \"Apply the referenced patch or upgrade to 2.4.28\";\n}\n\nif( vers =~ \"^2\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"2.4.28\" ) ) {\n vuln = TRUE;\n fix = \"2.4.28\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:06:51", "description": "Jasper Mattsson found a remote code execution vulnerability in the\nDrupal content management system. This potentially allows attackers to\nexploit multiple attack vectors on a Drupal site, which could result in\nthe site being completely compromised.", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for drupal7 (DLA-1325-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7600"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891325", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891325\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-7600\");\n script_name(\"Debian LTS: Security Advisory for drupal7 (DLA-1325-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 00:00:00 +0200 (Thu, 29 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"drupal7 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n7.14-2+deb7u18.\n\nWe recommend that you upgrade your drupal7 packages.\");\n\n script_tag(name:\"summary\", value:\"Jasper Mattsson found a remote code execution vulnerability in the\nDrupal content management system. This potentially allows attackers to\nexploit multiple attack vectors on a Drupal site, which could result in\nthe site being completely compromised.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.14-2+deb7u18\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:32", "description": "A remote code execution vulnerability has been found in Drupal, a\nfully-featured content management framework.", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4156-1 (drupal7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7600"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4156-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704156\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-7600\");\n script_name(\"Debian Security Advisory DSA 4156-1 (drupal7 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 00:00:00 +0200 (Thu, 29 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4156.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB[89]\");\n script_tag(name:\"affected\", value:\"drupal7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 7.32-1+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u3.\n\nWe recommend that you upgrade your drupal7 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/drupal7\");\n script_tag(name:\"summary\", value:\"A remote code execution vulnerability has been found in Drupal, a\nfully-featured content management framework.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.52-2+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"drupal7\", ver:\"7.32-1+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:34", "description": "This host is running Drupal and is prone\n to critical remote code execution vulnerability.", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "openvas", "title": "Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Windows, Version Check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7600"], "modified": "2018-10-22T00:00:00", "id": "OPENVAS:1361412562310812583", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812583", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_drupal_core_rce_vuln_SA-CORE-2018-002_win.nasl 12012 2018-10-22 09:20:29Z asteins $\n#\n# Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Windows, Version Check)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:drupal:drupal';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812583\");\n script_version(\"$Revision: 12012 $\");\n script_cve_id(\"CVE-2018-7600\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-22 11:20:29 +0200 (Mon, 22 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 09:55:26 +0530 (Thu, 29 Mar 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Windows, Version Check)\");\n\n script_tag(name:\"summary\", value:\"This host is running Drupal and is prone\n to critical remote code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists within multiple subsystems\n of Drupal. This potentially allows attackers to exploit multiple attack\n vectors on a Drupal site, which could result in the site being completely\n compromised.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and completely compromise the site.\");\n\n script_tag(name:\"affected\", value:\"Drupal core versions 6.x and earlier,\n\n Drupal core versions 8.2.x and earlier,\n\n Drupal core versions 8.3.x to before 8.3.9,\n\n Drupal core versions 8.4.x to before 8.4.6,\n\n Drupal core versions 8.5.x to before 8.5.1 and\n\n Drupal core versions 7.x to before 7.58 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Drupal core version 8.3.9 or\n 8.4.6 or 8.5.1 or 7.58 or later. Please see the referenced links for available updates.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/psa-2018-001\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/sa-core-2018-002\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/7.58\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.3.9\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.4.6\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.5.1\");\n script_xref(name:\"URL\", value:\"https://research.checkpoint.com/uncovering-drupalgeddon-2/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"drupal_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"drupal/installed\", \"Host/runs_windows\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!drupalPort = get_app_port(cpe:CPE)) {\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:drupalPort, version_regex:\"^([0-9]+)\", exit_no_version:TRUE)) {\n exit(0);\n}\n\ndrupalVer = infos['version'];\npath = infos['location'];\n\nif(drupalVer =~ \"^(6\\.)\") {\n fix = \"Drupal 6 is End of Life.please contact a D6LTS vendor\";\n}\n\nif(drupalVer =~ \"^(8\\.2)\" || drupalVer == \"8.5.0\"){\n fix = \"8.5.1\";\n}\n\nif(drupalVer =~ \"^(8\\.)\" && version_in_range(version:drupalVer, test_version:\"8.3.0\", test_version2:\"8.3.8\")) {\n fix = \"8.3.9\";\n}\n\nif(drupalVer =~ \"^(8\\.)\" && version_in_range(version:drupalVer, test_version:\"8.4.0\", test_version2:\"8.4.5\")) {\n fix = \"8.4.6\";\n}\n\nif(drupalVer =~ \"^(7\\.)\" && version_in_range(version:drupalVer, test_version:\"7.0\", test_version2:\"7.57\")) {\n fix = \"7.58\";\n}\n\nif(fix) {\n report = report_fixed_ver(installed_version:drupalVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:drupalPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:34", "description": "This host is running Drupal and is prone\n to critical remote code execution vulnerability.", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "openvas", "title": "Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Linux, Version Check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7600"], "modified": "2018-10-22T00:00:00", "id": "OPENVAS:1361412562310812584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_drupal_core_rce_vuln_SA-CORE-2018-002_lin.nasl 12012 2018-10-22 09:20:29Z asteins $\n#\n# Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Linux, Version Check)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:drupal:drupal';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812584\");\n script_version(\"$Revision: 12012 $\");\n script_cve_id(\"CVE-2018-7600\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-22 11:20:29 +0200 (Mon, 22 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 10:53:12 +0530 (Thu, 29 Mar 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Linux, Version Check)\");\n\n script_tag(name:\"summary\", value:\"This host is running Drupal and is prone\n to critical remote code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists within multiple subsystems\n of Drupal. This potentially allows attackers to exploit multiple attack\n vectors on a Drupal site, which could result in the site being completely\n compromised.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and completely compromise the site.\");\n\n script_tag(name:\"affected\", value:\"Drupal core versions 6.x and earlier,\n\n Drupal core versions 8.2.x and earlier,\n\n Drupal core versions 8.3.x to before 8.3.9,\n\n Drupal core versions 8.4.x to before 8.4.6,\n\n Drupal core versions 8.5.x to before 8.5.1 and\n\n Drupal core versions 7.x to before 7.58 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Drupal core version 8.3.9 or\n 8.4.6 or 8.5.1 or 7.58 or later. Please see the referenced links for available updates.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/psa-2018-001\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/sa-core-2018-002\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/7.58\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.3.9\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.4.6\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.5.1\");\n script_xref(name:\"URL\", value:\"https://research.checkpoint.com/uncovering-drupalgeddon-2/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"drupal_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"drupal/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!drupalPort = get_app_port(cpe:CPE)) {\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:drupalPort, version_regex:\"^([0-9.]+)\", exit_no_version:TRUE)) {\n exit(0);\n}\n\ndrupalVer = infos['version'];\npath = infos['location'];\n\nif(drupalVer =~ \"^(6\\.)\") {\n fix = \"Drupal 6 is End of Life.please contact a D6LTS vendor\";\n}\n\nif(drupalVer =~ \"^(8\\.2)\" || drupalVer == \"8.5.0\") {\n fix = \"Upgrade to 8.5.1\";\n}\n\nif(version_in_range(version:drupalVer, test_version:\"8.3.0\", test_version2:\"8.3.8\")) {\n fix = \"Upgrade to 8.3.9\";\n}\n\nif(version_in_range(version:drupalVer, test_version:\"8.4.0\", test_version2:\"8.4.5\")) {\n fix = \"Upgrade to 8.4.6\";\n}\n\nif(version_in_range(version:drupalVer, test_version:\"7.0\", test_version2:\"7.57\")) {\n fix = \"Upgrade to 7.58\";\n}\n\nif(fix) {\n report = report_fixed_ver(installed_version:drupalVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:drupalPort);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-16T15:52:02", "description": "This host is running Drupal and is prone\n to critical remote code execution vulnerability.", "cvss3": {}, "published": "2018-04-14T00:00:00", "type": "openvas", "title": "Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Active Check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7600"], "modified": "2020-04-15T00:00:00", "id": "OPENVAS:1361412562310108438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Active Check)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:drupal:drupal\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108438\");\n script_version(\"2020-04-15T09:02:26+0000\");\n script_cve_id(\"CVE-2018-7600\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-15 09:02:26 +0000 (Wed, 15 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-14 13:29:22 +0200 (Sat, 14 Apr 2018)\");\n script_name(\"Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2018-002) (Active Check)\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"drupal_detect.nasl\");\n script_mandatory_keys(\"drupal/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_xref(name:\"URL\", value:\"https://www.drupal.org/psa-2018-001\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/sa-core-2018-002\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/7.58\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.3.9\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.4.6\");\n script_xref(name:\"URL\", value:\"https://www.drupal.org/project/drupal/releases/8.5.1\");\n script_xref(name:\"URL\", value:\"https://research.checkpoint.com/uncovering-drupalgeddon-2/\");\n\n script_tag(name:\"summary\", value:\"This host is running Drupal and is prone\n to critical remote code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted HTTP POST request and check the response.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists within multiple subsystems\n of Drupal. This potentially allows attackers to exploit multiple attack\n vectors on a Drupal site, which could result in the site being completely\n compromised.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and completely compromise the site.\");\n\n script_tag(name:\"affected\", value:\"Drupal core versions 6.x and earlier,\n\n Drupal core versions 8.2.x and earlier,\n\n Drupal core versions 8.3.x to before 8.3.9,\n\n Drupal core versions 8.4.x to before 8.4.6,\n\n Drupal core versions 8.5.x to before 8.5.1 and\n\n Drupal core versions 7.x to before 7.58.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Drupal core version 8.3.9, 8.4.6, 8.5.1,\n 7.58 or later. Please see the refereced links for available updates.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! dir = get_app_location( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( dir == \"/\" )\n dir = \"\";\n\ncheck = rand_str( length:16 );\n# nb: URL rewriting on/off\nurls = make_list( dir + \"/user/register\", dir + \"/?q=user/register\" );\n\nforeach url( urls ) {\n\n url = url + \"?element_parents=account%2Fmail%2F%23value&ajax_form=1&_wrapper_format=drupal_ajax\";\n data = \"form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=printf&mail[#type]=markup&mail[#markup]=\" + check;\n req = http_post_put_req( port:port, url:url, data:data,\n add_headers:make_array( \"Content-Type\", \"application/x-www-form-urlencoded\" ) );\n res = http_keepalive_send_recv( port:port, data:req, bodyonly:TRUE );\n # neNWIz2mlhti89hQ[{\"command\":\"insert\",\"method\":\"replaceWith\",\"selector\":null,\"data\":\"16\\u003Cspan class=\\u0022ajax-new-content\\u0022\\u003E\\u003C\\/span\\u003E\",\"settings\":null}]\n if( egrep( string:res, pattern:\"^\" + check + \"\\[\\{\" ) ) {\n\n info['\"HTTP POST\" body'] = data;\n info['URL'] = http_report_vuln_url( port:port, url:url, url_only:TRUE );\n\n report = 'By doing the following request:\\n\\n';\n report += text_format_table( array:info ) + '\\n\\n';\n report += 'it was possible to execute the \"printf\" command.';\n report += '\\n\\nResult:\\n\\n' + res;\n\n expert_info = 'Request:\\n'+ req + 'Response:\\n' + res + '\\n';\n security_message( port:port, data:report, expert_info:expert_info );\n exit( 0 );\n }\n}\n\n# Drupal 7\n# This needs 2 requests (see e.g. https://github.com/FireFart/CVE-2018-7600/blob/master/poc.py)\nurl1 = dir + \"/?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=printf&name%5B%23markup%5D=\"+ check +\n \"&name%5B%23typ\";\ndata1 = \"form_id=user_pass&_triggering_element_name=name\";\n\nreq = http_post_put_req( port:port, url:url1, data:data1,\n add_headers:make_array( \"Content-Type\", \"application/x-www-form-urlencoded\" ) );\nres = http_keepalive_send_recv( port:port, data:req, bodyonly:TRUE );\n\nbuild_id = eregmatch( pattern:'<input type=\"hidden\" name=\"form_build_id\" value=\"([^\"]+)\" />', string:res );\nif( ! isnull( build_id[1] ) ) {\n url2 = dir + \"/?q=file%2Fajax%2Fname%2F%23value%2F\" + build_id[1];\n data2 = \"form_build_id=\" + build_id[1];\n req = http_post_put_req( port:port, url:url2, data:data2,\n add_headers:make_array( \"Content-Type\", \"application/x-www-form-urlencoded\" ) );\n res = http_keepalive_send_recv( port:port, data:req, bodyonly:TRUE );\n\n # wz8rLLg_3Uie91Rg[{\"command\":\"settings\",\"settings\":{\"basePath\":\"...\n if( egrep( string:res, pattern:\"^\" + check + \"\\[\\{\" ) ) {\n\n info['Req 1: \"HTTP POST\" body'] = data1;\n info['Req 1: URL'] = http_report_vuln_url( port:port, url:url1, url_only:TRUE );\n info['Req 2: \"HTTP POST\" body'] = data2;\n info['Req 2: URL'] = http_report_vuln_url( port:port, url:url2, url_only:TRUE );\n\n report = 'By doing the following subsequent requests:\\n\\n';\n report += text_format_table( array:info ) + '\\n\\n';\n report += 'it was possible to execute the \"printf\" command to return the data \"' + check + '\".';\n report += '\\n\\nResult:\\n\\n' + res;\n\n expert_info = 'Request:\\n'+ req + 'Response:\\n' + res + '\\n';\n security_message( port:port, data:report, expert_info:expert_info );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-09T17:50:40", "description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737).", "cvss3": {}, "published": "2020-05-26T00:00:00", "type": "openvas", "title": "Huawei Data Communication: Cache Timing Vulnerability in OpenSSL RSA Key Generation (huawei-sa-20181212-01-cache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0737"], "modified": "2020-06-05T00:00:00", "id": "OPENVAS:1361412562310107838", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107838", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107838\");\n script_version(\"2020-06-05T12:34:50+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 12:34:50 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-26 15:22:01 +0200 (Tue, 26 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2018-0737\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: Cache Timing Vulnerability in OpenSSL RSA Key Generation (huawei-sa-20181212-01-cache)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737).\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737). An attacker could exploit this vulnerability to recover the private key. (Vulnerability ID: HWPSIRT-2018-06015)Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"An attacker could exploit this vulnerability to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"TE30 versions V600R006C10\n\nTE40 versions V600R006C10\n\nTE50 versions V600R006C10\n\nTE60 versions V600R006C10\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181212-01-cache-en\");\n\n exit(0);\n}\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\ncpe_list = make_list( \"cpe:/o:huawei:te30_firmware\",\n \"cpe:/o:huawei:te40_firmware\",\n \"cpe:/o:huawei:te50_firmware\",\n \"cpe:/o:huawei:te60_firmware\" );\n\nif( ! infos = get_app_version_from_list( cpe_list:cpe_list, nofork:TRUE ) )\n exit( 0 );\n\ncpe = infos[\"cpe\"];\nversion = toupper( infos[\"version\"] );\n\npatch = get_kb_item( \"huawei/vrp/patch\" );\n\nif( cpe =~ \"^cpe:/o:huawei:te(3|4|5|6)0_firmware\" ) {\n if( version == \"V600R006C10\" ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"V600R006C10SPC400\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T16:48:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2019:0152-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0737"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852279", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852279\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0737\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-09 04:03:55 +0100 (Sat, 09 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2019:0152-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0152-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl-1_1'\n package(s) announced via the openSUSE-SU-2019:0152-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl-1_1 fixes the following issues:\n\n Security issues fixed:\n\n - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS\n Implementations (bsc#1117951)\n\n - Fix FIPS RSA generator (bsc#1118913)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-152=1\");\n\n script_tag(name:\"affected\", value:\"openssl-1_1 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_1-devel\", rpm:\"libopenssl-1_1-devel~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1\", rpm:\"libopenssl1_1~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-debuginfo\", rpm:\"libopenssl1_1-debuginfo~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-hmac\", rpm:\"libopenssl1_1-hmac~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1\", rpm:\"openssl-1_1~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-debuginfo\", rpm:\"openssl-1_1-debuginfo~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-debugsource\", rpm:\"openssl-1_1-debugsource~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-doc\", rpm:\"openssl-1_1-doc~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_1-devel-32bit\", rpm:\"libopenssl-1_1-devel-32bit~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-32bit\", rpm:\"libopenssl1_1-32bit~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-32bit-debuginfo\", rpm:\"libopenssl1_1-32bit-debuginfo~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-hmac-32bit\", rpm:\"libopenssl1_1-hmac-32bit~1.1.0i~lp150.3.18.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:38:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1383)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0737"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181383", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1383\");\n script_version(\"2020-01-23T11:23:55+0000\");\n script_cve_id(\"CVE-2018-0737\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:23:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:23:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1383)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1383\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1383\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl' package(s) announced via the EulerOS-SA-2018-1383 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.CVE-2018-0737\");\n\n script_tag(name:\"affected\", value:\"'openssl' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~60.1.h3\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~60.1.h3\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~60.1.h3\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-3628-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0737"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3628_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for openssl USN-3628-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843673\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-0737\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:05:16 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for openssl USN-3628-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3628-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3628-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the USN-3628-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis\nManuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA\nkey generation. An attacker could possibly use this issue to perform a\ncache-timing attack and recover private RSA keys.\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1f-1ubuntu2.25\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2g-1ubuntu13.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2g-1ubuntu4.12\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T17:39:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2018:2957-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0737"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851920", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851920\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-01 06:53:01 +0200 (Mon, 01 Oct 2018)\");\n script_cve_id(\"CVE-2018-0737\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2018:2957-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n These security issues were fixed:\n\n - Prevent One&amp Done side-channel attack on RSA that allowed physically near\n attackers to use EM emanations to recover information (bsc#1104789)\n\n - CVE-2018-0737: The RSA Key generation algorithm has been shown to be\n vulnerable to a cache timing side channel attack. An attacker with\n sufficient access to mount cache timing attacks during the RSA key\n generation process could have recovered the private key (bsc#1089039)\n\n These non-security issues were fixed:\n\n - Add openssl(cli) Provide so the packages that require the openssl binary\n can require this instead of the new openssl meta package (bsc#1101470)\n\n - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246,\n bsc#997043)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1091=1\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2957-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00087.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs\", rpm:\"openssl-cavs~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs-debuginfo\", rpm:\"openssl-cavs-debuginfo~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.2j~29.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2022-08-10T07:11:16", "description": "\nGergely G\u0102\u0104bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.6.1-6+deb8u3.\n\n\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.6.4-5.\n\n\nWe recommend that you upgrade your libcrypto++ packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-26T00:00:00", "type": "osv", "title": "libcrypto++ - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2022-08-10T07:11:13", "id": "OSV:DSA-3748-1", "href": "https://osv.dev/vulnerability/DSA-3748-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:19:57", "description": "\nGergely G\u0102\u0104bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n5.6.1-6+deb7u3.\n\n\nWe recommend that you upgrade your libcrypto++ packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-27T00:00:00", "type": "osv", "title": "libcrypto++ - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2022-08-05T05:19:53", "id": "OSV:DLA-766-1", "href": "https://osv.dev/vulnerability/DLA-766-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T07:12:36", "description": "\nHanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "osv", "title": "apache2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-08-10T07:12:32", "id": "OSV:DSA-3980-1", "href": "https://osv.dev/vulnerability/DSA-3980-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:20:18", "description": "\nHanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2.2.22-13+deb7u12.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-21T00:00:00", "type": "osv", "title": "apache2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-07-21T05:51:48", "id": "OSV:DLA-1102-1", "href": "https://osv.dev/vulnerability/DLA-1102-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:24:04", "description": "\nA remote code execution vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional information,\nplease refer to the upstream advisory at\n<https://www.drupal.org/sa-core-2018-002>\n\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.32-1+deb8u11.\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u3.\n\n\nWe recommend that you upgrade your drupal7 packages.\n\n\nFor the detailed security status of drupal7 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/drupal7>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "osv", "title": "drupal7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2022-07-21T05:49:48", "id": "OSV:DSA-4156-1", "href": "https://osv.dev/vulnerability/DSA-4156-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:19:34", "description": "\nJasper Mattsson found a remote code execution vulnerability in the\nDrupal content management system. This potentially allows attackers to\nexploit multiple attack vectors on a Drupal site, which could result in\nthe site being completely compromised.\n\n\nFor further information please refer to the official upstream advisory\nat <https://www.drupal.org/sa-core-2018-002.>\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n7.14-2+deb7u18.\n\n\nWe recommend that you upgrade your drupal7 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-28T00:00:00", "type": "osv", "title": "drupal7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2022-07-21T05:52:04", "id": "OSV:DLA-1325-1", "href": "https://osv.dev/vulnerability/DLA-1325-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:05:38", "description": "Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1\nBER decoding routine. The library will allocate a memory block based on the\nlength field of the ASN.1 object. If there is not enough content octets in\nthe ASN.1 object, then the function will fail and the memory block will be\nzeroed even if its unused. There is a noticeable delay during the wipe for\na large allocation.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848009>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9939", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2017-01-30T00:00:00", "id": "UB:CVE-2016-9939", "href": "https://ubuntu.com/security/CVE-2016-9939", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:57:14", "description": "Apache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file, or if\nhttpd.conf has certain misconfigurations, aka Optionsbleed. This affects\nthe Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The\nattacker sends an unauthenticated OPTIONS HTTP request when attempting to\nread secret data. This is a use-after-free issue and thus secret data is\nnot always sent, and the specific data depends on many factors including\nconfiguration. Exploitation with .htaccess can be blocked with a patch to\nthe ap_limit_section function in server/core.c.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T00:00:00", "type": "ubuntucve", "title": "CVE-2017-9798", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T00:00:00", "id": "UB:CVE-2017-9798", "href": "https://ubuntu.com/security/CVE-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T14:41:26", "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before\n8.5.1 allows remote attackers to execute arbitrary code because of an issue\naffecting multiple subsystems with default or common module configurations.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894259>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "ubuntucve", "title": "CVE-2018-7600", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-29T00:00:00", "id": "UB:CVE-2018-7600", "href": "https://ubuntu.com/security/CVE-2018-7600", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:50:36", "description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to\na cache timing side channel attack. An attacker with sufficient access to\nmount cache timing attacks during the RSA key generation process could\nrecover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected\n1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895845>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895844>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | USN-3628-1 was releases with a possible incomplete fix. Next USN should add the three first commits listed below\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-16T00:00:00", "type": "ubuntucve", "title": "CVE-2018-0737", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-04-16T00:00:00", "id": "UB:CVE-2018-0737", "href": "https://ubuntu.com/security/CVE-2018-0737", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2022-11-06T12:08:56", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for libcryptopp fixes the following issues:\n\n - CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1\n parser (bsc#1015243).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-3301=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-06T00:00:00", "type": "suse", "title": "Security update for libcryptopp (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2021-10-06T00:00:00", "id": "OPENSUSE-SU-2021:3301-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OT7AMKZYZG3NMSSJK4GVQCGFPLIGSKD5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T12:42:13", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for openssl-1_1 fixes the following issues:\n\n Security issues fixed:\n\n - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS\n Implementations (bsc#1117951)\n - Fix FIPS RSA generator (bsc#1118913)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-152=1", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-08T00:00:00", "type": "suse", "title": "Security update for openssl-1_1 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2019-02-08T00:00:00", "id": "OPENSUSE-SU-2019:0152-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HIAYIHJLDAY2NLW33V5MTK3K22WFL3KN/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-09-30T20:20:16", "description": "This update for openssl fixes the following issues:\n\n These security issues were fixed:\n\n - Prevent One&Done side-channel attack on RSA that allowed physically near\n attackers to use EM emanations to recover information (bsc#1104789)\n - CVE-2018-0737: The RSA Key generation algorithm has been shown to be\n vulnerable to a cache timing side channel attack. An attacker with\n sufficient access to mount cache timing attacks during the RSA key\n generation process could have recovered the private key (bsc#1089039)\n\n These non-security issues were fixed:\n\n - Add openssl(cli) Provide so the packages that require the openssl binary\n can require this instead of the new openssl meta package (bsc#1101470)\n - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246,\n bsc#997043)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2018-09-30T18:09:41", "type": "suse", "title": "Security update for openssl (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0737"], "modified": "2018-09-30T18:09:41", "id": "OPENSUSE-SU-2018:2957-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00087.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debiancve": [{"lastseen": "2022-09-01T06:03:11", "description": "Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-30T21:59:00", "type": "debiancve", "title": "CVE-2016-9939", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2017-01-30T21:59:00", "id": "DEBIANCVE:CVE-2016-9939", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9939", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-19T02:05:50", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T15:29:00", "type": "debiancve", "title": "CVE-2017-9798", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T15:29:00", "id": "DEBIANCVE:CVE-2017-9798", "href": "https://security-tracker.debian.org/tracker/CVE-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-14T17:47:52", "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T07:29:00", "type": "debiancve", "title": "CVE-2018-7600", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-29T07:29:00", "id": "DEBIANCVE:CVE-2018-7600", "href": "https://security-tracker.debian.org/tracker/CVE-2018-7600", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T18:10:53", "description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-16T18:29:00", "type": "debiancve", "title": "CVE-2018-0737", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-04-16T18:29:00", "id": "DEBIANCVE:CVE-2018-0737", "href": "https://security-tracker.debian.org/tracker/CVE-2018-0737", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "When Crypto++ library parses an ASN.1 data value, the library allocates for the content octets based on the length octets. Later, if there's too few or too little content octets, the library throws a BERDecodeErr exception. The memory for the content octets will be zeroized (even if unused), which could take a long time on a large allocation (CVE-2016-9939). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-07T21:39:59", "type": "mageia", "title": "Updated libcryptopp packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2017-01-07T21:39:59", "id": "MGASA-2017-0010", "href": "https://advisories.mageia.org/MGASA-2017-0010.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Hanno B\u00f6ck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed (CVE-2017-9798). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-01T10:38:51", "type": "mageia", "title": "Updated apache packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-01-01T10:38:51", "id": "MGASA-2018-0009", "href": "https://advisories.mageia.org/MGASA-2018-0009.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2022-02-15T13:38:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3748-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nDecember 26, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libcrypto++\nCVE ID : CVE-2016-9939\nDebian Bug : 848009\n\nGergely G\u00e1bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.6.1-6+deb8u3.\n\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.6.4-5.\n\nWe recommend that you upgrade your libcrypto++ packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-26T10:34:57", "type": "debian", "title": "[SECURITY] [DSA 3748-1] libcrypto++ security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2016-12-26T10:34:57", "id": "DEBIAN:DSA-3748-1:CD0FB", "href": "https://lists.debian.org/debian-security-announce/2016/msg00332.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-25T05:44:03", "description": "Package : libcrypto++\nVersion : 5.6.1-6+deb7u3\nCVE ID : CVE-2016-9939\nDebian Bug : 848009\n\nGergely G\u00e1bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.6.1-6+deb7u3.\n\nWe recommend that you upgrade your libcrypto++ packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-27T19:31:31", "type": "debian", "title": "[SECURITY] [DLA 766-1] libcrypto++ security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2016-12-27T19:31:31", "id": "DEBIAN:DLA-766-1:18E2C", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00042.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-23T21:42:07", "description": "Package : libcrypto++\nVersion : 5.6.1-6+deb7u3\nCVE ID : CVE-2016-9939\nDebian Bug : 848009\n\nGergely G\u00e1bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n5.6.1-6+deb7u3.\n\nWe recommend that you upgrade your libcrypto++ packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-27T19:31:31", "type": "debian", "title": "[SECURITY] [DLA 766-1] libcrypto++ security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2016-12-27T19:31:31", "id": "DEBIAN:DLA-766-1:7DAB0", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00042.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T22:09:49", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3748-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nDecember 26, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libcrypto++\nCVE ID : CVE-2016-9939\nDebian Bug : 848009\n\nGergely G\u00e1bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.6.1-6+deb8u3.\n\nFor the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.6.4-5.\n\nWe recommend that you upgrade your libcrypto++ packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-26T10:34:57", "type": "debian", "title": "[SECURITY] [DSA 3748-1] libcrypto++ security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9939"], "modified": "2016-12-26T10:34:57", "id": "DEBIAN:DSA-3748-1:9F07C", "href": "https://lists.debian.org/debian-security-announce/2016/msg00332.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-19T00:13:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3980-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : apache2\nCVE ID : CVE-2017-9798\nDebian Bug : 876109\n\nHanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\n\nWe recommend that you upgrade your apache2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-20T09:20:19", "type": "debian", "title": "[SECURITY] [DSA 3980-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-20T09:20:19", "id": "DEBIAN:DSA-3980-1:C7ED3", "href": "https://lists.debian.org/debian-security-announce/2017/msg00242.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T03:39:06", "description": "Package : apache2\nVersion : 2.2.22-13+deb7u12\nCVE ID : CVE-2017-9798\nDebian Bug : 876109\n\nHanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-21T20:42:18", "type": "debian", "title": "[SECURITY] [DLA 1102-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-21T20:42:18", "id": "DEBIAN:DLA-1102-1:7F277", "href": "https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-22T13:34:08", "description": "Package : apache2\nVersion : 2.2.22-13+deb7u12\nCVE ID : CVE-2017-9798\nDebian Bug : 876109\n\nHanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-21T20:42:18", "type": "debian", "title": "[SECURITY] [DLA 1102-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-21T20:42:18", "id": "DEBIAN:DLA-1102-1:511F7", "href": "https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T21:54:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3980-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : apache2\nCVE ID : CVE-2017-9798\nDebian Bug : 876109\n\nHanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\n\nWe recommend that you upgrade your apache2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-20T09:20:19", "type": "debian", "title": "[SECURITY] [DSA 3980-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-20T09:20:19", "id": "DEBIAN:DSA-3980-1:6FBEB", "href": "https://lists.debian.org/debian-security-announce/2017/msg00242.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-22T12:59:37", "description": "Package : drupal7\nVersion : 7.14-2+deb7u18\nCVE ID : CVE-2018-7600\n\nJasper Mattsson found a remote code execution vulnerability in the\nDrupal content management system. This potentially allows attackers to\nexploit multiple attack vectors on a Drupal site, which could result in\nthe site being completely compromised.\n\nFor further information please refer to the official upstream advisory\nat https://www.drupal.org/sa-core-2018-002.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n7.14-2+deb7u18.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-28T22:42:25", "type": "debian", "title": "[SECURITY] [DLA 1325-1] drupal7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-28T22:42:25", "id": "DEBIAN:DLA-1325-1:426F0", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-03T04:32:22", "description": "Package : drupal7\nVersion : 7.14-2+deb7u18\nCVE ID : CVE-2018-7600\n\nJasper Mattsson found a remote code execution vulnerability in the\nDrupal content management system. This potentially allows attackers to\nexploit multiple attack vectors on a Drupal site, which could result in\nthe site being completely compromised.\n\nFor further information please refer to the official upstream advisory\nat https://www.drupal.org/sa-core-2018-002.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n7.14-2+deb7u18.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-28T22:42:25", "type": "debian", "title": "[SECURITY] [DLA 1325-1] drupal7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-28T22:42:25", "id": "DEBIAN:DLA-1325-1:E895C", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-18T23:49:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4156-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 29, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : drupal7\nCVE ID : CVE-2018-7600\nDebian Bug : 894259\n\nA remote code execution vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional information,\nplease refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2018-002\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.32-1+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u3.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFor the detailed security status of drupal7 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/drupal7\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-28T22:31:37", "type": "debian", "title": "[SECURITY] [DSA 4156-1] drupal7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-28T22:31:37", "id": "DEBIAN:DSA-4156-1:C1814", "href": "https://lists.debian.org/debian-security-announce/2018/msg00082.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T21:32:44", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4156-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 29, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : drupal7\nCVE ID : CVE-2018-7600\nDebian Bug : 894259\n\nA remote code execution vulnerability has been found in Drupal, a\nfully-featured content management framework. For additional information,\nplease refer to the upstream advisory at\nhttps://www.drupal.org/sa-core-2018-002\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 7.32-1+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.52-2+deb9u3.\n\nWe recommend that you upgrade your drupal7 packages.\n\nFor the detailed security status of drupal7 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/drupal7\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-28T22:31:37", "type": "debian", "title": "[SECURITY] [DSA 4156-1] drupal7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-28T22:31:37", "id": "DEBIAN:DSA-4156-1:CE193", "href": "https://lists.debian.org/debian-security-announce/2018/msg00082.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-30T07:40:09", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: httpd-2.4.27-8.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-30T07:40:09", "id": "FEDORA:A9847604E850", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RXQ5ISMWMJET3OQAPZBIO632OATTXUB2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-22T18:54:37", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: httpd-2.4.27-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-22T18:54:37", "id": "FEDORA:092E9605F081", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R4JEOCEFPTVRSQESLYQKPEEKR3XN7LBV/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:07", "description": "Arch Linux Security Advisory ASA-201709-15\n==========================================\n\nSeverity: High\nDate : 2017-09-18\nCVE-ID : CVE-2017-9798\nPackage : apache\nType : information disclosure\nRemote : Yes\nLink : https://security.archlinux.org/AVG-404\n\nSummary\n=======\n\nThe package apache before version 2.4.27-2 is vulnerable to information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 2.4.27-2.\n\n# pacman -Syu \"apache>=2.4.27-2\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn use after free vulnerability has been discovered in Apache HTTP\n2.4.27 that causes a corrupted Allow header to be constructed in\nresponse to HTTP OPTIONS requests. This can leak pieces of arbitrary\nmemory from the server process that may contain secrets. The memory\npieces change after multiple requests, so for a vulnerable host an\narbitrary number of memory chunks can be leaked.\nThe bug appears if a webmaster tries to use the \"Limit\" directive with\nan invalid HTTP method.\n\nImpact\n======\n\nA remote attacker is able to leak memory and potentially obtain\nsensitive information from the server process.\n\nReferences\n==========\n\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=61207\nhttps://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch\nhttp://www.openwall.com/lists/oss-security/2017/09/18/2\nhttps://github.com/hannob/optionsbleed\nhttps://security.archlinux.org/CVE-2017-9798", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-18T00:00:00", "type": "archlinux", "title": "[ASA-201709-15] apache: information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T00:00:00", "id": "ASA-201709-15", "href": "https://security.archlinux.org/ASA-201709-15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:34:04", "description": "Arch Linux Security Advisory ASA-201804-1\n=========================================\n\nSeverity: Critical\nDate : 2018-04-01\nCVE-ID : CVE-2018-7600\nPackage : drupal\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-665\n\nSummary\n=======\n\nThe package drupal before version 8.5.1-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 8.5.1-1.\n\n# pacman -Syu \"drupal>=8.5.1-1\"\n\nThe problem has been fixed upstream in version 8.5.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA remote code execution vulnerability exists within multiple subsystems\nof Drupal 7.x and 8.x. This potentially allows attackers to exploit\nmultiple attack vectors on a Drupal site, which could result in the\nsite being completely compromised.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code by performing a\nspecially crafted request.\n\nReferences\n==========\n\nhttps://www.drupal.org/sa-core-2018-002\nhttps://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know\nhttps://github.com/drupal/drupal/commit/5ac8738fa69df34a0635f0907d661b509ff9a28f\nhttps://security.archlinux.org/CVE-2018-7600", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-01T00:00:00", "type": "archlinux", "title": "[ASA-201804-1] drupal: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-04-01T00:00:00", "id": "ASA-201804-1", "href": "https://security.archlinux.org/ASA-201804-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:13:44", "description": "## Releases\n\n * Ubuntu 17.04 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nHanno B\u00f6ck discovered that the Apache HTTP Server incorrectly handled \nLimit directives in .htaccess files. In certain configurations, a remote \nattacker could possibly use this issue to read arbitrary server memory, \nincluding sensitive information. This issue is known as Optionsbleed.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-19T00:00:00", "id": "USN-3425-1", "href": "https://ubuntu.com/security/notices/USN-3425-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T13:13:04", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nUSN-3425-1 fixed a vulnerability in Apache HTTP Server. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nHanno B\u00f6ck discovered that the Apache HTTP Server incorrectly handled \nLimit directives in .htaccess files. In certain configurations, a remote \nattacker could possibly use this issue to read arbitrary server memory, \nincluding sensitive information. This issue is known as Optionsbleed.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-24T00:00:00", "id": "USN-3425-2", "href": "https://ubuntu.com/security/notices/USN-3425-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T13:09:11", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * openssl \\- Secure Socket Layer (SSL) cryptographic library and tools\n\nUSN-3628-1 fixed a vulnerability in OpenSSL. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nAlejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia \ndiscovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly \nuse this issue to perform a cache-timing attack and recover private RSA keys.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-19T00:00:00", "type": "ubuntu", "title": "OpenSSL vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-04-19T00:00:00", "id": "USN-3628-2", "href": "https://ubuntu.com/security/notices/USN-3628-2", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T13:09:12", "description": "## Releases\n\n * Ubuntu 17.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * openssl \\- Secure Socket Layer (SSL) cryptographic library and tools\n\nAlejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia \ndiscovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly \nuse this issue to perform a cache-timing attack and recover private RSA keys.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-19T00:00:00", "type": "ubuntu", "title": "OpenSSL vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-04-19T00:00:00", "id": "USN-3628-1", "href": "https://ubuntu.com/security/notices/USN-3628-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2023-02-08T16:13:45", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt.\n This update patches a security issue (\"Optionsbleed\") with the OPTIONS http\n method which may leak arbitrary pieces of memory to a potential attacker.\n Thanks to Hanno Bo:ck.\n For more information, see:\n http://seclists.org/oss-sec/2017/q3/477\n https://vulners.com/cve/CVE-2017-9798\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.34-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.34-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.34-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.34-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.34-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.34-x86_64-2_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.27-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.27-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.27-i486-2_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.27-x86_64-2_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.27-i586-2_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.27-x86_64-2_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.27-i586-3.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.27-x86_64-3.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n1d84028976a221517f3880891d82240d httpd-2.2.34-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n22dd84ddbaaa226f439966b4dff9f8e0 httpd-2.2.34-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\nb4b5d21bae978270445fa8e03b5b77a9 httpd-2.2.34-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nd9f4cd3c883ddb34c6855dc387d373f4 httpd-2.2.34-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\nec970592d7e91ed417a9bbaf7ad495d5 httpd-2.2.34-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nd8286c041210b312d9facc3b7912e97f httpd-2.2.34-x86_64-2_slack13.37.txz\n\nSlackware 14.0 package:\ne152b68187918dc592a5346c79b7c05d httpd-2.4.27-i486-2_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n711abde18d484661f731422d333931ea httpd-2.4.27-x86_64-2_slack14.0.txz\n\nSlackware 14.1 package:\n7db6d646d14d9dd0ba3422bc6a5187e2 httpd-2.4.27-i486-2_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n1a8faf0343d8a1e06e2a6102d3a09e84 httpd-2.4.27-x86_64-2_slack14.1.txz\n\nSlackware 14.2 package:\n65704345c6deb52ba079f661a12e7e1e httpd-2.4.27-i586-2_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n16147809df94a27bff1aad4505ae5b7c httpd-2.4.27-x86_64-2_slack14.2.txz\n\nSlackware -current package:\ncc34f27a9928ce108cae65dc1db6282e n/httpd-2.4.27-i586-3.txz\n\nSlackware x86_64 -current package:\n84d2b395649953f128679fb969c19d66 n/httpd-2.4.27-x86_64-3.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.4.27-i586-2_slack14.2.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T19:20:15", "type": "slackware", "title": "[slackware-security] httpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T19:20:15", "id": "SSA-2017-261-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.551634", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:00", "description": "[2.4.6-67.0.1.el7_4.5]\n- replace index.html with Oracle's index page oracle_index.html\n[2.4.6-67.5]\n- Resolves: #1493064 - CVE-2017-9798 httpd: Use-after-free by limiting\n unregistered HTTP method", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-11T00:00:00", "type": "oraclelinux", "title": "httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-11T00:00:00", "id": "ELSA-2017-2882", "href": "http://linux.oracle.com/errata/ELSA-2017-2882.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2023-01-01T04:42:12", "description": "**CentOS Errata and Security Advisory** CESA-2017:2882\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-October/072040.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ldap\nmod_proxy_html\nmod_session\nmod_ssl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:2882", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-11T20:46:20", "type": "centos", "title": "httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-11T20:46:20", "id": "CESA-2017:2882", "href": "https://lists.centos.org/pipermail/centos-announce/2017-October/072040.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe Fuzzing Project reports:\n\nApache httpd allows remote attackers to read secret data from\n\t process memory if the Limit directive can be set in a user's\n\t .htaccess file, or if httpd.conf has certain misconfigurations,\n\t aka Optionsbleed. This affects the Apache HTTP Server through\n\t 2.2.34 and 2.4.x through 2.4.27. The attacker sends an\n\t unauthenticated OPTIONS HTTP request when attempting to read\n\t secret data. This is a use-after-free issue and thus secret data\n\t is not always sent, and the specific data depends on many factors\n\t including configuration. Exploitation with .htaccess can be\n\t blocked with a patch to the ap_limit_section function in\n\t server/core.c.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-18T00:00:00", "type": "freebsd", "title": "Apache -- HTTP OPTIONS method can leak server memory", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T00:00:00", "id": "76B085E2-9D33-11E7-9260-000C292EE6B8", "href": "https://vuxml.freebsd.org/freebsd/76b085e2-9d33-11e7-9260-000c292ee6b8.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nDrupal Security Team reports:\n\nCVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6,\n\t and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because\n\t of an issue affecting multiple subsystems with default or common module configurations.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "freebsd", "title": "drupal -- Drupal Core - Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-13T00:00:00", "id": "A9E466E8-4144-11E8-A292-00E04C1EA73D", "href": "https://vuxml.freebsd.org/freebsd/a9e466e8-4144-11e8-a292-00e04c1ea73d.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:08:57", "description": "Updates of ['httpd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-11T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2017-0077", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-11T00:00:00", "id": "PHSA-2017-0077", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-77", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-12T18:30:13", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-30T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2018-0078", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-07-30T00:00:00", "id": "PHSA-2018-0078", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-78", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-03T21:01:38", "description": "An update of {'openssl'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-30T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-2.0-0078", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-07-30T00:00:00", "id": "PHSA-2018-2.0-0078", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-78", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:40:46", "description": "\nF5 Product Development has assigned ID 684033 (BIG-IP) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP AAM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable1 | None \nBIG-IP AFM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable1 | None \nBIG-IP Analytics | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP APM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP ASM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP DNS | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 | Not vulnerable1 | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable1 | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP Link Controller | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP PEM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable1 | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable1 | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable1 | None \nBIG-IP WebSafe | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable1 | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable1 | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None \n \n1The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations. Additionally, F5 iWorkflow does not run Apache HTTPD.\n\nNone\n\nConfiguring the BIG-IP system to protect vulnerable back-end Apache servers\n\nWhile the BIG-IP system is not vulnerable, the BIG-IP system will proxy exploits to vulnerable Apache servers behind the BIG-IP system. You can protect these servers by disallowing the **OPTIONS** method in all requests. To do so, you can apply any of the following methods to each BIG-IP virtual server:\n\n**Impact of action**: Requests using the **OPTIONS** method will be blocked.\n\n * You can use the **HTTP::method** iRules command to check for the **OPTIONS** method and then perform actions such as returning an HTTP 501 response code to the client. For more information, refer to the following iRules snippet: \n\nwhen HTTP_REQUEST { \n if { [HTTP::method] equals \"OPTIONS\" } { \n HTTP::respond 501 \n } else { \n # additional logic if needed. \n } \n}\n\n * The HTTP profile allows you to limit the permitted HTTP methods in the **Known Methods** setting (under the **Enforcement** section). You can configure the affected HTTP profile with the value **Reject** for the **Unknown Method** setting and delete the value **OPTIONS** from the **Known Methods** setting.\n * For the BIG-IP PSM system, by default, the HTTP Security profile does not allow the HTTP OPTIONS method. You can associate the default HTTP Security profile to the affected virtual servers.\n * For the BIG-IP ASM system, by default, the ASM security policy does not allow the HTTP OPTIONS method. You must ensure that the HTTP OPTIONS method is not configured in the **Allowed Methods** setting on the **Security** > **Application Security** > **Headers** > **Methods** page. The BIG-IP ASM system will log an Illegal Method violation when it detects HTTP methods that are not listed in the **Allowed Methods** setting. For more information, refer to [K12312: Overview of BIG-IP ASM Illegal Method violations](<https://support.f5.com/csp/article/K12312>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-19T08:44:00", "type": "f5", "title": "Apache HTTPD vulnerability CVE-2017-9798", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-08-20T21:19:00", "id": "F5:K70084351", "href": "https://support.f5.com/csp/article/K70084351", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-09-26T22:28:10", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T18:25:00", "type": "f5", "title": "Drupal vulnerability CVE-2018-7600", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-03-29T18:25:00", "id": "F5:K22854260", "href": "https://support.f5.com/csp/article/K22854260", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T22:23:22", "description": "\nF5 Product Development has assigned CPF-24906 and CPF-24907 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | None | Not applicable | Not vulnerable2 | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable2 | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable2 | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable2 | None | None \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [3.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N>) | OpenSSL RSA key generation \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-31T08:00:00", "type": "f5", "title": "OpenSSL RSA key generation vulnerability CVE-2018-0737", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0737"], "modified": "2018-05-31T08:00:00", "id": "F5:K43429502", "href": "https://support.f5.com/csp/article/K43429502", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2021-10-21T04:46:47", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-11T15:17:48", "type": "redhat", "title": "(RHSA-2017:2882) Moderate: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-04-11T23:32:53", "id": "RHSA-2017:2882", "href": "https://access.redhat.com/errata/RHSA-2017:2882", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:37:14", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.27). (BZ#1461819)\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.\n\nBug Fix(es):\n\n* The httpd package installation script tried to create both the \"apache\" user and group in a single \"useradd\" command. Consequently, when the \"apache\" group had already been created on the system, the command failed, and the \"apache\" user was not created. To fix this bug, the \"apache\" group is now created by a separate command, and the \"apache\" user is correctly created during httpd installation even when the \"apache\" group exists. (BZ#1486843)\n\n* When installing the httpd24 Software Collection using the \"yum\" command, if the \"apache\" group already existed on the system with GID other than 48, the \"apache\" user was not created. This update fixes the bug. (BZ#1487164)\n\n* With this update, it is possible to run the mod_rewrite external mapping program as a non-root user. (BZ#1486832)\n\n* On a Red Hat Enterprise Linux 6 system, when the httpd service was stopped twice in a row by running the \"service httpd stop\" command, a misleading message was returned: \"Stopping httpd: [FAILED]\". This bug has been fixed. (BZ#1418395)\n\n* When the \"service httpd24-httpd graceful\" command was used on Red Hat Enterprise Linux 7 while the httpd24-httpd service was not running, the daemon was started without being tracked by systemd. As a consequence, the daemon ran in an incorrect SELinux domain. This bug has been fixed, and the httpd daemon runs in the correct SELinux domain in the described scenario. (BZ#1440858)\n\nEnhancement(s):\n\n* With this update, the mod_ssl module supports the ALPN protocol on Red Hat Enterprise Linux 7.4 and later versions. (BZ#1327548)\n\nFor further details, see the Red Hat Software Collections 3.0 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-24T08:16:35", "type": "redhat", "title": "(RHSA-2017:3018) Moderate: httpd24 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-06-12T21:28:16", "id": "RHSA-2017:3018", "href": "https://access.redhat.com/errata/RHSA-2017:3018", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "httpd": [{"lastseen": "2021-07-28T15:48:19", "description": "When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-07-12T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.2.35-never : Use-after-free when using <Limit > with an unrecognized method in .htaccess (\"OptionsBleed\")", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-07-12T00:00:00", "id": "HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T15:48:19", "description": "When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-07-12T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.4.28 : Use-after-free when using <Limit > with an unrecognized method in .htaccess (\"OptionsBleed\")", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-05T00:00:00", "id": "HTTPD:6236A32987BAE49DFBF020477B1278DD", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:32:59", "description": "OptionsBleed Scanner is a vulnerability scanning product. Remote attackers can use OptionsBleed Scanner to detect vulnerabilities on a target server.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-15T00:00:00", "type": "checkpoint_advisories", "title": "Apache HTTP OptionsBleed Memory Leak Scanner (CVE-2017-9798)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-11-13T00:00:00", "id": "CPAI-2017-0896", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:34:01", "description": "A use afetr free vulnerability exuists in Apache HTTP Server. A remote attacker can exploit this issue by sending an OPTIONS request to the vulnerable system. A successful attack may lead to memory leakage and loss of private data.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-18T00:00:00", "type": "checkpoint_advisories", "title": "Apache HTTP Optionsbleed Memory Leak (CVE-2017-9798)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-19T00:00:00", "id": "CPAI-2017-0774", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:12:02", "description": "A code execution vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-11-05T00:00:00", "type": "checkpoint_advisories", "title": "Drupal Core Form Rendering Remote Code Execution (CVE-2018-7600)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2020-11-05T00:00:00", "id": "CPAI-2018-1697", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:24:55", "description": "A code execution vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "checkpoint_advisories", "title": "Drupal Core Remote Code Execution (CVE-2018-7600)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2019-02-20T00:00:00", "id": "CPAI-2018-0192", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T21:58:41", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in the Apache HTTP Server (httpd). IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 11.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 October 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:38:34", "type": "ibm", "title": "Security Bulletin: A vulnerability in httpd affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-06-18T01:38:34", "id": "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "href": "https://www.ibm.com/support/pages/node/632369", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:19", "description": "## Summary\n\nIBM Security Access Manager Appliance has addressed the following vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<https://vulners.com/cve/CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected IBM Security Access Manager Appliance**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Access Manager for Web| 7.0-7.0.0.31 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation ** \n \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 - 7.0.0.31| IJ03385| Upgrade to 7.0.0.34: \n[7.0.0-ISS-WGA-IF0034](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T22:05:42", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-06-16T22:05:42", "id": "75AE9D4CB9FE02C082FC4424DBD420EA2EAC4CD4BCE0C4E376DC8DEE1119F8D3", "href": "https://www.ibm.com/support/pages/node/305015", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:41:08", "description": "## Summary\n\nIBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<https://vulners.com/cve/CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Smart Cloud Entry 2.4, 3.1, and 3.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM SmartCloud Entry| 3.2| None| Contact [IBM Support.](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \nIBM SmartCloud Entry| 3.1| None \nIBM SmartCloud Entry| 2.4| None \n \nFor all IBM Smart Cloud Entry releases, refer to information about the replacement program as per withdrawal announcement ENUS914-189. For information about the latest release of IBM Cloud Manager for Openstack, please see** **[**http://www-01.ibm.com/support/docview.wss?uid=isg400003605**](<http://www-01.ibm.com/support/docview.wss?uid=isg400003605>)[](<http://www-01.ibm.com/support/docview.wss?uid=isg400003360>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2020-07-19T00:49:12", "id": "91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09", "href": "https://www.ibm.com/support/pages/node/632757", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:38:54", "description": "## Summary\n\nApache HTTP Server has security vulnerability caused due to error in the HTTP Option method. Respective security vulnerability is discussed in detail in the subsequent section.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-9798_](<https://vulners.com/cve/CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score: **See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score. \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Rational Build Forge from 8.0.0.6.\n\n## Remediation/Fixes\n\nYou must download the Fix pack specified in the following table and apply it. \n\n\n**Affected Version** | \n\n**Fix** \n---|--- \n \nBuild Forge 8.0.0.6 | \n\nRational Build Forge 8.0.0.7 [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.7&source=SAR>). \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T14:39:19", "type": "ibm", "title": "Security Bulletin: A Security vulnerability has been identified in Apache HTTP Server used by Rational Build Forge. (CVE-2017-9798)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2020-04-20T14:39:19", "id": "825B52995DBE90672BBA09CCFBDD51925814B984495E8E740D466D1C921FE61C", "href": "https://www.ibm.com/support/pages/node/567551", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:43:02", "description": "## Summary\n\nHTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<https://vulners.com/cve/CVE-2017-9798>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected. \n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \n \nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. \n\n[_http://www-933.ibm.com/support/fixcentral/_](<http://www-933.ibm.com/support/fixcentral/>)\n\n \nThe IBM i PTF numbers are: \n \n**Release 7.1 \u2013 SI65939** \n**Release 7.2 \u2013 SI65915** \n**Release 7.3 \u2013 SI65906** \n \n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Vulnerability CVE-2017-9798 in the IBM i HTTP Server affects IBM i.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-12-18T14:26:38", "id": "E515D9AE5ED3FEB7BDBAF35D90286D2E963A5E50F83A19555DC0BA545BE5A8E7", "href": "https://www.ibm.com/support/pages/node/687639", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:55:08", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities. \n \nAPI Connect Developer Portal is impacted by Drupal vulnerability: \n \nDrupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this vulnerability using multiple attack vectors to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2018-7600_](<https://vulners.com/cve/CVE-2018-7600>)** \nDESCRIPTION: **Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this vulnerability using multiple attack vectors to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140913_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140913>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n**Affected IBM API Connect**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM API Management| 4.0.0.0-4.0.4.6 \nIBM API Connect| 5.0.6.0-5.0.6.6 \nIBM API Connect| 5.0.7.0-5.0.7.2 \nIBM API Connect| 5.0.8.0-5.0.8.2 \n \n## Remediation/Fixes\n\n**Affected Product**\n\n| \n\n**Addressed in VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nIBM API Management \n \n4.0.0.0-4.0.4.6| 4.0.4.6. iFix| LI80057| Addressed in IBM API Connect Developer Portal V4.0.4.6 iFix \n \nFollow this link and find the \"APIConnect-Portal\" \niFix dated on or after 2018/03/28. \n \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=4.0.4.6&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.6.2&platform=All&function=all>) \nIBM API Connect \n \n5.0.0.0-5.0.6.6| 5.0.6.6 iFix| LI80057| Addressed in IBM API Connect Developer Portal V5.0.6.6 iFix \n \nFollow this link and find the \"APIConnect-Portal\" \niFix dated on or after 2018/03/28. \n \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.6.6&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.6.2&platform=All&function=all>) \nIBM API Connect \n \n5.0.7.0-5.0.7.2| 5.0.7.2 iFix \n| LI80057| Addressed in IBM API Connect Developer Portal V5.0.7.2 iFix \n \nFollow this link and find the \n\"APIConnect-Portal\" \n \niFix dated on or after 2018/03/28. \n \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.7.2&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.7.0&platform=All&function=all>) \nIBM API Connect \n \n5.0.8.0-5.0.8.2| 5.0.8.2 iFix| LI80057| Addressed in IBM API Connect Developer Portal V5.0.8.2 iFix \n \nFollow this link and find the \"APIConnect-Portal\" \niFix dated on or after 2018/03/28. \n \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.2&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.7.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:09:07", "type": "ibm", "title": "Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7600"], "modified": "2018-06-15T07:09:07", "id": "02D84FEF44D33E0AEFACF9F0F69D208CD35169CED383AB4155C383F596F12961", "href": "https://www.ibm.com/support/pages/node/568925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:26", "description": "## Summary\n\nIBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. (CVE-2018-0737)\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>) \n**DESCRIPTION: ** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Security 1G Network Active Bypass firmware version 1.x through 3.x firmware levels 1.0.849 through 3.30.11 \nIBM Security 10G Network Active Bypass firmware versions 1.x through 3.x firmware levels 1.0.1876 through 3.30.11\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _Remediation/First Fix_ \n---|---|--- \n**IBM Security Proventia Network Active Bypass** | 3.X | [Proventia 1G NAB Update 26 (fw 3.30.13)](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Network+Active+Bypass&fixids=20190324_Proventia_1G_Network_Active_Bypass_update-26_fw3.30.13&source=SAR>) \n**IBM Security Proventia Network Active Bypass** | 3.X | \n\n[Proventia 10G NAB Update 23 (fw 3.30.13)](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Network+Active+Bypass&fixids=20190324_Proventia_10G_Network_Active_Bypass_update-23_fw3.30.13&source=SAR >) \n \nFor IBM Security Proventia Network Active Bypass products at the following firmware versions:\n\n * IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.4-12, 3.30.5-21, 3.30.7-23, 3.30.9-27, 3.30.10-37, 3.30.11\n * IBM Security 10G Network Active Bypass firmware versions 1.X firmware levels 1.0.1876 through 3.30.5-21, 3.30.7-23, 3.30.9-27, 3.30.10-37, 3.30.11\n\n \nIBM recommends upgrading to 3.30.13, the supported firmware release of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-27T07:35:01", "type": "ibm&qu