ID CVE-2012-2098 Type cve Reporter cve@mitre.org Modified 2021-01-20T15:15:00
Description
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
{"nessus": [{"lastseen": "2021-01-12T10:11:50", "description": "Rebase to upstream version and add patch to fix CVE-2012-2098.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2013-05-11T00:00:00", "title": "Fedora 19 : plexus-archiver-2.3-1.fc19 (2013-5530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "modified": "2013-05-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:plexus-archiver"], "id": "FEDORA_2013-5530.NASL", "href": "https://www.tenable.com/plugins/nessus/66376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-5530.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66376);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(53676);\n script_xref(name:\"FEDORA\", value:\"2013-5530\");\n\n script_name(english:\"Fedora 19 : plexus-archiver-2.3-1.fc19 (2013-5530)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to upstream version and add patch to fix CVE-2012-2098.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=911539\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105121.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb60b5c7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected plexus-archiver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:plexus-archiver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"plexus-archiver-2.3-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"plexus-archiver\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:41", "description": "Update to 1.4.1, fixing CVE-2012-2098\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-04T00:00:00", "title": "Fedora 16 : apache-commons-compress-1.4.1-1.fc16 (2012-8465)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "modified": "2012-06-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:apache-commons-compress", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-8465.NASL", "href": "https://www.tenable.com/plugins/nessus/59349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8465.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59349);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2098\");\n script_bugtraq_id(53676);\n script_xref(name:\"FEDORA\", value:\"2012-8465\");\n\n script_name(english:\"Fedora 16 : apache-commons-compress-1.4.1-1.fc16 (2012-8465)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.4.1, fixing CVE-2012-2098\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=810406\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?582dc174\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-commons-compress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, 
\"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"apache-commons-compress-1.4.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-compress\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:50", "description": "Rebase to upstream version 2.3 and add patch to fix CVE-2012-2098.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-05-11T00:00:00", "title": "Fedora 18 : plexus-archiver-2.3-1.fc18 (2013-5548)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "modified": "2013-05-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:plexus-archiver"], "id": "FEDORA_2013-5548.NASL", "href": "https://www.tenable.com/plugins/nessus/66378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-5548.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66378);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2098\");\n script_bugtraq_id(53676);\n script_xref(name:\"FEDORA\", value:\"2013-5548\");\n\n script_name(english:\"Fedora 18 : plexus-archiver-2.3-1.fc18 (2013-5548)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to upstream version 2.3 and add patch to fix CVE-2012-2098.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=951522\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?484a0607\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected plexus-archiver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:plexus-archiver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"plexus-archiver-2.3-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"plexus-archiver\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:41", "description": "Update to 1.4.1, fixing CVE-2012-2098\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-04T00:00:00", "title": "Fedora 17 : apache-commons-compress-1.4.1-1.fc17 (2012-8428)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "modified": "2012-06-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:apache-commons-compress", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-8428.NASL", "href": "https://www.tenable.com/plugins/nessus/59346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8428.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59346);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2098\");\n script_bugtraq_id(53676);\n script_xref(name:\"FEDORA\", value:\"2012-8428\");\n\n script_name(english:\"Fedora 17 : apache-commons-compress-1.4.1-1.fc17 (2012-8428)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.4.1, fixing CVE-2012-2098\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65e7ee03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-commons-compress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apache-commons-compress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) 
audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"apache-commons-compress-1.4.1-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-compress\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:50", "description": "Rebase to upstream version 2.3 and add patch to fix CVE-2012-2098.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-05-11T00:00:00", "title": "Fedora 17 : plexus-archiver-2.3-1.fc17 (2013-5546)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "modified": "2013-05-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:plexus-archiver"], "id": "FEDORA_2013-5546.NASL", "href": "https://www.tenable.com/plugins/nessus/66377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-5546.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66377);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2098\");\n script_bugtraq_id(53676);\n script_xref(name:\"FEDORA\", value:\"2013-5546\");\n\n script_name(english:\"Fedora 17 : plexus-archiver-2.3-1.fc17 (2013-5546)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to upstream version 2.3 and add patch to fix CVE-2012-2098.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=951521\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aee6b2b0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected plexus-archiver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:plexus-archiver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"plexus-archiver-2.3-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"plexus-archiver\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:00:49", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Algorithmic complexity vulnerability in the sorting\n algorithms in bzip2 compressing stream\n (BZip2CompressorOutputStream) in Apache Commons Compress\n before 1.4.1 allows remote attackers to cause a denial\n of service (CPU consumption) via a file with many\n repeating inputs. 
(CVE-2012-2098)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : ant (algorithmic_complexity_vulnerability_in_apache)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:ant"], "id": "SOLARIS11_ANT_20130430.NASL", "href": "https://www.tenable.com/plugins/nessus/80580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80580);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2098\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : ant (algorithmic_complexity_vulnerability_in_apache)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Algorithmic complexity vulnerability in the sorting\n algorithms in bzip2 compressing stream\n (BZip2CompressorOutputStream) in Apache Commons Compress\n before 1.4.1 allows remote attackers to cause a denial\n of service (CPU consumption) via a file with many\n repeating inputs. 
(CVE-2012-2098)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/algorithmic-complexity-vulnerability-in-apache-ant\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4785b054\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.3.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:ant\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^ant$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ant\");\n\nflag = 0;\n\nif 
(solaris_check_release(release:\"0.5.11-0.175.1.3.0.4.0\", sru:\"SRU 11.1.3.4.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : ant\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"ant\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T07:39:08", "description": "A VMware product installed on the remote host is affected by multiple\nvulnerabilities :\n\n - A heap overflow vulnerability in VMware Host Guest File\n System (HGFS), could allow a guest to execute arbitrary\n code subject to the privileges of the user running 'vmx'\n process. In order to successfully exploit this issue a\n folder should be shared on the host system and sharing\n should be enabled, which is disabled by default.\n (CVE-2008-2098)\n\n - A vulnerability in Virtual Machine Communication\n Interface (VMCI), a 'experimental' feature designed for\n users building client-server applications, could allow\n a guest to execute arbitrary code subject to the\n privileges of the user running 'vmx' process. For\n successful exploitation of this issue VMCI feature\n should be enabled on the host. 
(CVE-2008-2099)", "edition": 26, "published": "2008-06-03T00:00:00", "title": "VMware Products Multiple Vulnerabilities (VMSA-2008-0008)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2098", "CVE-2012-2098", "CVE-2012-2099", "CVE-2008-2099"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:vmware:vmware_workstation", "cpe:/a:vmware:vmware_player", "cpe:/a:vmware:ace"], "id": "VMWARE_MULTIPLE_VMSA_2008_0008.NASL", "href": "https://www.tenable.com/plugins/nessus/32503", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32503);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:29\");\n\n script_cve_id(\"CVE-2008-2098\", \"CVE-2008-2099\");\n script_bugtraq_id(29443, 29444);\n script_xref(name:\"VMSA\", value:\"2008-0008\");\n\n script_name(english:\"VMware Products Multiple Vulnerabilities (VMSA-2008-0008)\");\n script_summary(english:\"Checks vulnerable versions of multiple VMware products\");\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by\nmultiple issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"A VMware product installed on the remote host is affected by multiple\nvulnerabilities :\n\n - A heap overflow vulnerability in VMware Host Guest File\n System (HGFS), could allow a guest to execute arbitrary\n code subject to the privileges of the user running 'vmx'\n process. In order to successfully exploit this issue a\n folder should be shared on the host system and sharing\n should be enabled, which is disabled by default.\n (CVE-2012-2098)\n\n - A vulnerability in Virtual Machine Communication\n Interface (VMCI), a 'experimental' feature designed for\n users building client-server applications, could allow\n a guest to execute arbitrary code subject to the\n privileges of the user running 'vmx' process. 
For\n successful exploitation of this issue VMCI feature\n should be enabled on the host. (CVE-2012-2099)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2008-0008.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/player2/doc/releasenotes_player2.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to :\n\n - VMware Workstation 6.0.4 or higher.\n - VMware Player 2.0.4 or higher.\n - VMware ACE 2.0.4 or higher.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:ace\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:vmware:vmware_player\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:vmware:vmware_workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\",\"vmware_player_detect.nasl\", \"vmware_ace_detect.nasl\");\n script_require_ports(\"VMware/Server/Version\", \"VMware/ACE/Version\", 
\"VMware/Player/Version\", \"VMware/Workstation/Version\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\n\nport = kb_smb_transport();\n\n# Check for VMware Workstation\n\nversion = get_kb_item(\"VMware/Workstation/Version\");\nif (version)\n{\n v = split(version, sep:\".\", keep:FALSE);\n\n if ( int(v[0]) == 6 && int(v[1]) == 0 && int(v[2]) < 4 )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware Workstation is installed on the remote host.\",\n \"\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n \t security_warning(port);\n }\n}\n\n# Check for VMware Player\n\nversion = get_kb_item(\"VMware/Player/Version\");\nif (version)\n{\n v = split(version, sep:\".\", keep:FALSE);\n if ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) < 4 )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware Player is installed on the remote host.\",\n \"\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n}\n\n# Check for VMware ACE\n\nversion = get_kb_item(\"VMware/ACE/Version\");\n if (version)\n {\n v = split(version, sep:\".\", keep:FALSE);\n if ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) < 4 )\n {\n if (report_verbosity)\n {\n report = string(\n \"\\n\",\n \"Version \",version,\" of VMware ACE is installed on the remote host.\",\n \"\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port);\n }\n }\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:39:43", "description": "IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be\nrunning on the remote host. It is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - A flaw exists related to Apache Ant and file\n compression that could lead to denial of service\n conditions. 
(CVE-2012-2098 / PM90088)\n\n - The TLS protocol in the GSKIT component is vulnerable\n to a plaintext recovery attack.\n (CVE-2013-0169 / PM85211)\n\n - A flaw exists relating to OAuth that could allow a\n remote attacker to obtain someone else's credentials.\n (CVE-2013-0597 / PM85834 / PM87131)\n\n - A flaw exists relating to OpenJPA that is triggered\n during deserialization, which could allow a remote\n attacker to write to the file system and potentially\n execute arbitrary code. Note the vendor states this\n application is not directly affected by this flaw;\n however, this application does include the affected\n version of OpenJPA. (CVE-2013-1768 / PM86780)\n\n - An input validation flaw exists in the optional\n 'mod_rewrite' module in the included IBM HTTP Server\n that could allow arbitrary command execution via\n HTTP requests containing certain escape sequences.\n (CVE-2013-1862 / PM87808)\n\n - A flaw exists related to the optional 'mod_dav'\n module in the included IBM HTTP Server that could\n allow denial of service conditions.\n (CVE-2013-1896 / PM89996)\n\n - User-supplied input validation errors exist related to\n the administrative console that could allow cross-site\n scripting attacks.\n (CVE-2013-2967 / PM78614, CVE-2013-4004 / PM81571,\n CVE-2013-4005 / PM88208)\n\n - An information disclosure vulnerability exists related\n to incorrect caching by the administrative console.\n (CVE-2013-2976 / PM79992)\n\n - A user-supplied input validation error exists that could\n allow cross-site request forgery (CSRF) attacks to be\n carried out. 
(CVE-2013-3029 / PM88746)", "edition": 25, "published": "2013-08-23T00:00:00", "title": "IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0169", "CVE-2013-1896", "CVE-2013-2976", "CVE-2013-4004", "CVE-2012-2098", "CVE-2013-1768", "CVE-2013-1862", "CVE-2013-0597", "CVE-2013-4005", "CVE-2013-3029", "CVE-2013-2967"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_0_0_7.NASL", "href": "https://www.tenable.com/plugins/nessus/69449", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69449);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2012-2098\",\n \"CVE-2013-0169\",\n \"CVE-2013-0597\",\n \"CVE-2013-1768\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-2967\",\n \"CVE-2013-2976\",\n \"CVE-2013-3029\",\n \"CVE-2013-4004\",\n \"CVE-2013-4005\"\n );\n script_bugtraq_id(\n 53676,\n 57778,\n 59826,\n 60534,\n 60724,\n 61129,\n 61901,\n 61935,\n 61937,\n 61940,\n 61941\n );\n\n script_name(english:\"IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server may be affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be\nrunning on the remote host. It is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - A flaw exists related to Apache Ant and file\n compression that could lead to denial of service\n conditions. 
(CVE-2012-2098 / PM90088)\n\n - The TLS protocol in the GSKIT component is vulnerable\n to a plaintext recovery attack.\n (CVE-2013-0169 / PM85211)\n\n - A flaw exists relating to OAuth that could allow a\n remote attacker to obtain someone else's credentials.\n (CVE-2013-0597 / PM85834 / PM87131)\n\n - A flaw exists relating to OpenJPA that is triggered\n during deserialization, which could allow a remote\n attacker to write to the file system and potentially\n execute arbitrary code. Note the vendor states this\n application is not directly affected by this flaw;\n however, this application does include the affected\n version of OpenJPA. (CVE-2013-1768 / PM86780)\n\n - An input validation flaw exists in the optional\n 'mod_rewrite' module in the included IBM HTTP Server\n that could allow arbitrary command execution via\n HTTP requests containing certain escape sequences.\n (CVE-2013-1862 / PM87808)\n\n - A flaw exists related to the optional 'mod_dav'\n module in the included IBM HTTP Server that could\n allow denial of service conditions.\n (CVE-2013-1896 / PM89996)\n\n - User-supplied input validation errors exist related to\n the administrative console that could allow cross-site\n scripting attacks.\n (CVE-2013-2967 / PM78614, CVE-2013-4004 / PM81571,\n CVE-2013-4005 / PM88208)\n\n - An information disclosure vulnerability exists related\n to incorrect caching by the administrative console.\n (CVE-2013-2976 / PM79992)\n\n - A user-supplied input validation error exists that could\n allow cross-site request forgery (CSRF) attacks to be\n carried out. 
(CVE-2013-3029 / PM88746)\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_exposure_in_ibm_http_server_cve_2013_1862_pm87808?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?187690fd\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21644047\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24035457\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_8_0_0_7?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1c66192\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 7 for version 8.0 (8.0.0.7) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1768\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:0);\n\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server \" + version + \" instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 7)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n set_kb_item(name:\"www/\"+port+\"/XSRF\", value:TRUE);\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.0.0.7' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"WebSphere\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:39:40", "description": "IBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be\nrunning on the remote host. It is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - A flaw in the mod_rewrite module of Apache HTTP Server\n potentially allows a remote attacker to execute\n arbitrary code via HTTP. (CVE-2013-1862, PM87808)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize user-supplied input\n in the Administrative console. 
(CVE-2013-4005, PM88208)\n\n - A denial of service vulnerability exists when using the\n optional mod_dav module. (CVE-2013-1896, PM89996)\n\n - A denial of service vulnerability exists due to the use of\n Apache Ant to compress files. (CVE-2012-2098, PM90088)\n\n - A privilege escalation vulnerability exists on IBM\n WebSphere Application Servers using WS-Security that are\n configured for XML Digital Signature using trust store.\n (CVE-2013-4053, PM90949, PM91521)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server caused by a failure to sanitize user-supplied\n input in the UDDI Administrative console.\n (CVE-2013-4052, PM91892)\n\n - A privilege escalation vulnerability exists in IBM\n WebSphere Application Servers that have been migrated\n from version 6.1 or later. (CVE-2013-5414, PM92313)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize application HTTP\n response data. (CVE-2013-5417, PM93323, PM93944)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize user-supplied input\n in the Administrative console. (CVE-2013-5418, PM96477)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize user-supplied input\n in the Administrative console. (CVE-2013-6725, PM98132)\n\n - An information disclosure vulnerability exists in IBM\n WebSphere Application Servers configured to use static\n file caching using the simpleFileServlet.\n (CVE-2013-6330, PM98624)\n\n - A denial of service vulnerability exists in IBM\n WebSphere Application Server due to a failure to\n properly handle requests by a web services endpoint.\n (CVE-2013-6325, PM99450)\n\n - An information disclosure vulnerability exists in the\n IBM SDK for Java that ships with IBM WebSphere\n Application Server related to JSSE. 
(CVE-2013-5780)\n\n - A denial of service vulnerability exists in the IBM SDK\n for Java that ships with IBM WebSphere Application\n Server related to XML. (CVE-2013-5372)\n\n - A denial of service vulnerability exists in the IBM SDK\n for Java that ships with IBM WebSphere Application\n Server related to JSSE. (CVE-2013-5803)", "edition": 24, "published": "2014-01-20T00:00:00", "title": "IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6325", "CVE-2013-4053", "CVE-2013-1896", "CVE-2013-4052", "CVE-2013-5418", "CVE-2012-2098", "CVE-2013-1862", "CVE-2013-6330", "CVE-2013-5372", "CVE-2013-5417", "CVE-2013-5414", "CVE-2013-5780", "CVE-2013-6725", "CVE-2013-5803", "CVE-2013-4005"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_7_0_0_31.NASL", "href": "https://www.tenable.com/plugins/nessus/72061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72061);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2012-2098\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-4005\",\n \"CVE-2013-4052\",\n \"CVE-2013-4053\",\n \"CVE-2013-5372\",\n \"CVE-2013-5414\",\n \"CVE-2013-5417\",\n \"CVE-2013-5418\",\n \"CVE-2013-5780\",\n \"CVE-2013-5803\",\n \"CVE-2013-6325\",\n \"CVE-2013-6330\",\n \"CVE-2013-6725\"\n );\n script_bugtraq_id(\n 53676,\n 59826,\n 61129,\n 61901,\n 62336,\n 62338,\n 63082,\n 63115,\n 63224,\n 63778,\n 63780,\n 63781,\n 65096,\n 65099,\n 65100\n );\n\n script_name(english:\"IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote application server is potentially affected by multiple\nvulnerabilities.\"\n 
);\n script_set_attribute(\n attribute:\"description\",\n value:\n\"IBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be\nrunning on the remote host. It is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - A flaw in the mod_rewrite module of Apache HTTP Server\n potentially allows a remote attacker to execute\n arbitrary code via HTTP. (CVE-2013-1862, PM87808)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize user-supplied input\n in the Administrative console. (CVE-2013-4005, PM88208)\n\n - A denial of service vulnerability exists when using the\n optional mod_dav module. (CVE-2013-1896, PM89996)\n\n - A denial of service vulnerability exists due the use of\n Apache Ant to compress files. (CVE-2012-2098, PM90088)\n\n - A privilege escalation vulnerability exists on IBM\n WebSphere Application Servers using WS-Security that are\n configured for XML Digital Signature using trust store.\n (CVE-2013-4053, PM90949, PM91521)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server caused by a failure to sanitize user-supplied\n input in the UDDI Administrative console.\n (CVE-2013-4052, PM91892)\n\n - A privilege escalation vulnerability exists in IBM\n WebSphere Application Servers that have been migrated\n from version 6.1 or later. (CVE-2013-5414, PM92313)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize application HTTP\n response data. (CVE-2013-5417, PM93323, PM93944)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize user-supplied input\n in the Administrative console. (CVE-2013-5418, PM96477)\n\n - An XSS vulnerability exists in IBM WebSphere Application\n Server due to a failure to sanitize user-supplied input\n in the Administrative console. 
(CVE-2013-6725, PM98132)\n\n - An information disclosure vulnerability exists in IBM\n WebSphere Application Servers configured to use static\n file caching using the simpleFileServlet.\n (CVE-2013-6330, PM98624)\n\n - A denial of service vulnerability exists in IBM\n WebSphere Application Server due to a failure to\n properly handle requests by a web services endpoint.\n (CVE-2013-6325, PM99450)\n\n - An information disclosure vulnerability exists in the\n IBM SDK for Java that ships with IBM WebSphere\n Application Server related to JSSE. (CVE-2013-5780)\n\n - A denial of service vulnerability exists in the IBM SDK\n for Java that ships with IBM WebSphere Application\n Server related to XML. (CVE-2013-5372)\n\n - A denial of service vulnerability exists in the IBM SDK\n for Java that ships with IBM WebSphere Application\n Server related to JSSE. (CVE-2013-5803)\"\n );\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_31?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2f64a49\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21661323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21655990\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 31 (7.0.0.31)\nor later.\n\nOtherwise, if using embedded WebSphere Application Server packaged\nwith Tivoli Directory Server, apply the latest recommended eWAS fix\npack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 
74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:0);\n\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server \" + version + \" instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 31)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.0.31' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"IBM WebSphere Application Server\", port, version);\n\n", "cvss": {"score": 
6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:39:44", "description": "IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to\nbe running on the remote host and is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - A flaw exists related to Apache Ant and file\n compression that could lead to denial of service\n conditions. (CVE-2012-2098 / PM90088)\n\n - Unspecified errors exist related to the administration\n console that could allow cross-site scripting attacks.\n (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477,\n CVE-2013-5425 / PM93828)\n\n - Multiple errors exist related to the IBM Eclipse Help\n System that could allow cross-site scripting attacks\n and information disclosure attacks. (CVE-2013-0464,\n CVE-2013-0467, CVE-2013-0599 / PM89893)\n\n - An input validation flaw exists in the optional\n 'mod_rewrite' module in the included IBM HTTP Server\n that could allow arbitrary command execution via\n HTTP requests containing certain escape sequences.\n (CVE-2013-1862 / PM87808)\n\n - A flaw exists related to the optional 'mod_dav'\n module in the included IBM HTTP Server that could\n allow denial of service conditions.\n (CVE-2013-1896 / PM89996)\n\n - A user-supplied input validation error exists that could\n allow cross-site request forgery (CSRF) attacks to be\n carried out. (CVE-2013-3029 / PM88746)\n\n - User-supplied input validation errors exist related to\n the administrative console that could allow cross-site\n scripting attacks.\n (CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)\n\n - An unspecified permissions error exists that could\n allow a local attacker to obtain sensitive information.\n Note this issue only affects the 'Liberty Profile'.\n (CVE-2013-4006 / PM90472)\n\n - An input validation error exists related to the UDDI\n Administrative console that could allow cross-site\n scripting attacks. 
(CVE-2013-4052 / PM91892)\n\n - An attacker may gain elevated privileges because of\n improper certificate checks. WS-Security and XML Digital\n Signatures must be enabled. (CVE-2013-4053 / PM90949)\n\n - An error exists related to incorrect Administration\n Security roles and migrations from version 6.1.\n (CVE-2013-5414 / PM92313)\n\n - Unspecified input validation errors exist that could\n allow cross-site scripting attacks. (CVE-2013-5417 /\n PM93323 and PM93944)", "edition": 25, "published": "2013-12-05T00:00:00", "title": "IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4053", "CVE-2013-0467", "CVE-2013-1896", "CVE-2013-0460", "CVE-2013-4052", "CVE-2013-5418", "CVE-2013-4004", "CVE-2012-2098", "CVE-2013-4006", "CVE-2013-1862", "CVE-2013-5425", "CVE-2013-5417", "CVE-2013-5414", "CVE-2013-0599", "CVE-2013-4005", "CVE-2013-0464", "CVE-2013-3029"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_5_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/71229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(71229);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2012-2098\",\n \"CVE-2013-0460\",\n \"CVE-2013-0464\",\n \"CVE-2013-0467\",\n \"CVE-2013-0599\",\n \"CVE-2013-1862\",\n \"CVE-2013-1896\",\n \"CVE-2013-3029\",\n \"CVE-2013-4004\",\n \"CVE-2013-4005\",\n \"CVE-2013-4006\",\n \"CVE-2013-4052\",\n \"CVE-2013-4053\",\n \"CVE-2013-5414\",\n \"CVE-2013-5417\",\n \"CVE-2013-5418\",\n \"CVE-2013-5425\"\n );\n script_bugtraq_id(\n 53676,\n 57510,\n 58000,\n 59826,\n 60107,\n 60246,\n 61129,\n 61901,\n 61935,\n 61937,\n 62336,\n 62338,\n 63700,\n 63778,\n 63780,\n 63781,\n 63786\n );\n\n script_name(english:\"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 
Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote application server may be affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to\nbe running on the remote host and is, therefore, potentially affected by\nthe following vulnerabilities :\n\n - A flaw exists related to Apache Ant and file\n compression that could lead to denial of service\n conditions. (CVE-2012-2098 / PM90088)\n\n - Unspecified errors exist related to the administration\n console that could allow cross-site scripting attacks.\n (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477,\n CVE-2013-5425 / PM93828)\n\n - Multiple errors exist related to the IBM Eclipse Help\n System that could allow cross-site scripting attacks\n and information disclosure attacks. (CVE-2013-0464,\n CVE-2013-0467, CVE-2013-0599 / PM89893)\n\n - An input validation flaw exists in the optional\n 'mod_rewrite' module in the included IBM HTTP Server\n that could allow arbitrary command execution via\n HTTP requests containing certain escape sequences.\n (CVE-2013-1862 / PM87808)\n\n - A flaw exists related to the optional 'mod_dav'\n module in the included IBM HTTP Server that could\n allow denial of service conditions.\n (CVE-2013-1896 / PM89996)\n\n - A user-supplied input validation error exists that could\n allow cross-site request forgery (CSRF) attacks to be\n carried out. 
(CVE-2013-3029 / PM88746)\n\n - User-supplied input validation errors exist related to\n the administrative console that could allow cross-site\n scripting attacks.\n (CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)\n\n - An unspecified permissions error exists that could\n allow a local attacker to obtain sensitive information.\n Note this issue only affects the 'Liberty Profile'.\n (CVE-2013-4006 / PM90472)\n\n - An input validation error exists related to the UDDI\n Administrative console that could allow cross-site\n scripting attacks. (CVE-2013-4052 / PM91892)\n\n - An attacker may gain elevated privileges because of\n improper certificate checks. WS-Security and XML Digital\n Signatures must be enabled. (CVE-2013-4053 / PM90949)\n\n - An error exists related to incorrect Administration\n Security roles and migrations from version 6.1.\n (CVE-2013-5414 / PM92313)\n\n - Unspecified input validation errors exist that could\n allow cross-site scripting attacks. (CVE-2013-5417 /\n PM93323 and PM93944)\"\n );\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_exposure_in_ibm_http_server_cve_2013_1862_pm87808?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?187690fd\");\n # Fix list\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8551\");\n # Sec bulletin\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?&uid=swg21651880\");\n script_set_attribute(attribute:\"solution\", value:\"Apply Fix Pack 8.5.5.1 for version 8.5 (8.5.5.0) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 
442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\nif (version !~ \"^8\\.5([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, \"IBM WebSphere Application Server 8.5\", port);\n\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"IBM WebSphere Application Server\", port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] == 8 &&\n ver[1] == 5 &&\n (\n ver[2] < 5\n ||\n (ver[2] == 5 && ver[3] < 1)\n )\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.5.5.1' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n 
exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"WebSphere\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "The remote host is missing an update for the 'plexus-archiver' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-05-13T00:00:00", "id": "OPENVAS:1361412562310865608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865608", "type": "openvas", "title": "Fedora Update for plexus-archiver FEDORA-2013-5546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for plexus-archiver FEDORA-2013-5546\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865608\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-13 12:42:03 +0530 (Mon, 13 May 2013)\");\n script_cve_id(\"CVE-2012-2098\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for plexus-archiver FEDORA-2013-5546\");\n script_xref(name:\"FEDORA\", value:\"2013-5546\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'plexus-archiver'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"plexus-archiver on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if 
((res = isrpmvuln(pkg:\"plexus-archiver\", rpm:\"plexus-archiver~2.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-04T00:00:00", "id": "OPENVAS:1361412562310864280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864280", "type": "openvas", "title": "Fedora Update for apache-commons-compress FEDORA-2012-8465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-compress FEDORA-2012-8465\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864280\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:07:12 +0530 (Mon, 04 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-2098\");\n script_xref(name:\"FEDORA\", value:\"2012-8465\");\n script_name(\"Fedora Update for apache-commons-compress FEDORA-2012-8465\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-commons-compress'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"apache-commons-compress on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-compress\", rpm:\"apache-commons-compress~1.4.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-06T13:07:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "Check for the Version of apache-commons-compress", "modified": "2018-01-05T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864383", "href": "http://plugins.openvas.org/nasl.php?oid=864383", "type": "openvas", "title": "Fedora Update for apache-commons-compress FEDORA-2012-8428", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-compress FEDORA-2012-8428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"apache-commons-compress on Fedora 17\";\ntag_insight = \"The code in this component came from Avalon's Excalibur, but originally\n from Ant, as far as life in Apache goes. The tar package is originally\n Tim Endres' public domain package. The bzip2 package is based on the\n work done by Keiron Liddle. It has migrated via:\n Ant -> Avalon-Excalibur -> Commons-IO -> Commons-Compress.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html\");\n script_id(864383);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:06:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2098\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-8428\");\n script_name(\"Fedora Update for apache-commons-compress FEDORA-2012-8428\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of apache-commons-compress\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-compress\", rpm:\"apache-commons-compress~1.4.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:51:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "Check for the Version of plexus-archiver", "modified": "2017-07-10T00:00:00", "published": "2013-05-13T00:00:00", "id": "OPENVAS:865612", "href": "http://plugins.openvas.org/nasl.php?oid=865612", "type": "openvas", "title": "Fedora Update for plexus-archiver FEDORA-2013-5548", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for plexus-archiver FEDORA-2013-5548\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"plexus-archiver on Fedora 18\";\ntag_insight = \"The Plexus project seeks to create end-to-end developer tools for\n writing applications. At the core is the container, which can be\n embedded or for a full scale application server. There are many\n reusable components for hibernate, form processing, jndi, i18n,\n velocity, etc. Plexus also includes an application server which\n is like a J2EE application server, without all the baggage.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865612);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-13 12:42:20 +0530 (Mon, 13 May 2013)\");\n script_cve_id(\"CVE-2012-2098\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for plexus-archiver FEDORA-2013-5548\");\n\n script_xref(name: \"FEDORA\", value: \"2013-5548\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html\");\n script_summary(\"Check for the Version of plexus-archiver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"plexus-archiver\", rpm:\"plexus-archiver~2.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "Check for the Version of apache-commons-compress", "modified": "2018-01-05T00:00:00", "published": "2012-06-04T00:00:00", "id": "OPENVAS:864280", "href": "http://plugins.openvas.org/nasl.php?oid=864280", "type": "openvas", "title": "Fedora Update for apache-commons-compress FEDORA-2012-8465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-compress FEDORA-2012-8465\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"apache-commons-compress on Fedora 16\";\ntag_insight = \"The code in this component came from Avalon's Excalibur, but originally\n from Ant, as far as life in Apache goes. The tar package is originally\n Tim Endres' public domain package. The bzip2 package is based on the\n work done by Keiron Liddle. It has migrated via:\n Ant -> Avalon-Excalibur -> Commons-IO -> Commons-Compress.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html\");\n script_id(864280);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:07:12 +0530 (Mon, 04 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-2098\");\n script_xref(name: \"FEDORA\", value: \"2012-8465\");\n script_name(\"Fedora Update for apache-commons-compress FEDORA-2012-8465\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of apache-commons-compress\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-compress\", rpm:\"apache-commons-compress~1.4.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864383", "type": "openvas", "title": "Fedora Update for apache-commons-compress FEDORA-2012-8428", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-compress FEDORA-2012-8428\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864383\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:06:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2098\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-8428\");\n script_name(\"Fedora Update for apache-commons-compress FEDORA-2012-8428\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-commons-compress'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"apache-commons-compress on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-compress\", rpm:\"apache-commons-compress~1.4.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-05-13T00:00:00", "id": "OPENVAS:1361412562310865612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865612", "type": "openvas", "title": "Fedora Update for plexus-archiver FEDORA-2013-5548", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for plexus-archiver FEDORA-2013-5548\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865612\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-13 12:42:20 +0530 (Mon, 13 May 2013)\");\n script_cve_id(\"CVE-2012-2098\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for plexus-archiver FEDORA-2013-5548\");\n script_xref(name:\"FEDORA\", value:\"2013-5548\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'plexus-archiver'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"plexus-archiver on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if 
((res = isrpmvuln(pkg:\"plexus-archiver\", rpm:\"plexus-archiver~2.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:52:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2098"], "description": "Check for the Version of plexus-archiver", "modified": "2017-07-10T00:00:00", "published": "2013-05-13T00:00:00", "id": "OPENVAS:865608", "href": "http://plugins.openvas.org/nasl.php?oid=865608", "type": "openvas", "title": "Fedora Update for plexus-archiver FEDORA-2013-5546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for plexus-archiver FEDORA-2013-5546\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"plexus-archiver on Fedora 17\";\ntag_insight = \"The Plexus project seeks to create end-to-end developer tools for\n writing applications. 
At the core is the container, which can be\n embedded or for a full scale application server. There are many\n reusable components for hibernate, form processing, jndi, i18n,\n velocity, etc. Plexus also includes an application server which\n is like a J2EE application server, without all the baggage.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865608);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-13 12:42:03 +0530 (Mon, 13 May 2013)\");\n script_cve_id(\"CVE-2012-2098\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for plexus-archiver FEDORA-2013-5546\");\n\n script_xref(name: \"FEDORA\", value: \"2013-5546\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html\");\n script_summary(\"Check for the Version of plexus-archiver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"plexus-archiver\", rpm:\"plexus-archiver~2.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2098"], "description": "The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage. ", "modified": "2013-05-11T00:26:08", "published": "2013-05-11T00:26:08", "id": "FEDORA:9013E20C03", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: plexus-archiver-2.3-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2098"], "description": "The code in this component came from Avalon's Excalibur, but originally from Ant, as far as life in Apache goes. The tar package is originally Tim Endres' public domain package. The bzip2 package is based on the work done by Keiron Liddle. It has migrated via: Ant -> Avalon-Excalibur -> Commons-IO -> Commons-Compress. ", "modified": "2012-06-02T23:56:50", "published": "2012-06-02T23:56:50", "id": "FEDORA:D5702210FC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: apache-commons-compress-1.4.1-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2098"], "description": "The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. 
There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage. ", "modified": "2013-05-11T03:16:43", "published": "2013-05-11T03:16:43", "id": "FEDORA:13FF82114D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: plexus-archiver-2.3-1.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2098"], "description": "The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage. ", "modified": "2013-05-11T00:27:50", "published": "2013-05-11T00:27:50", "id": "FEDORA:E9B33209C0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: plexus-archiver-2.3-1.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2098"], "description": "The code in this component came from Avalon's Excalibur, but originally from Ant, as far as life in Apache goes. The tar package is originally Tim Endres' public domain package. The bzip2 package is based on the work done by Keiron Liddle. It has migrated via: Ant -> Avalon-Excalibur -> Commons-IO -> Commons-Compress. 
", "modified": "2012-06-03T23:26:27", "published": "2012-06-03T23:26:27", "id": "FEDORA:787E821133", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: apache-commons-compress-1.4.1-1.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:51:17", "description": "BUGTRAQ ID: 53676\r\nCVE ID: CVE-2012-2098\r\n\r\nApache Commons Compress\u5e93\u5b9a\u4e49\u4e86\u4e00\u4e2aAPI\uff0c\u53ef\u5904\u7406ar\u3001cpio\u3001Unix dump\u3001tar\u3001zip\u3001gzip\u3001XZ\u3001Pack200\u3001bzip2\u6587\u4ef6\u3002Apache Ant\uff0c\u662f\u4e00\u4e2a\u5c06\u8f6f\u4ef6\u7f16\u8bd1\u3001\u6d4b\u8bd5\u3001\u90e8\u7f72\u7b49\u6b65\u9aa4\u8054\u7cfb\u5728\u4e00\u8d77\u52a0\u4ee5\u81ea\u52a8\u5316\u7684\u4e00\u4e2a\u5de5\u5177\uff0c\u5927\u591a\u7528\u4e8eJava\u73af\u5883\u4e2d\u7684\u8f6f\u4ef6\u5f00\u53d1\u3002\r\n\r\nApache Commons Compress 1.4.1\u4e4b\u524d\u7248\u672c\u5728\u4f7f\u7528bzip2\u538b\u7f29\u6587\u4ef6\u65f6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u901a\u8fc7\u53d1\u9001\u5230BZip2CompressorOutputStream\u7c7b\u7684\u7279\u5236\u6587\u4ef6\u5229\u7528\u6b64\u6f0f\u6d1e\u6d88\u8017\u7cfb\u7edf\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n0\nApache Group Commons Compress 1.4\r\nApache Group Commons Compress 1.0\r\nApache Group Ant 1.8.3\r\nApache Group Ant 1.6.2\r\nApache Group Ant 1.5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\nApache Group\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Fixed in Apache Commons Compress 1.4.1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nFixed in Apache Commons Compress 1.4.1\uff1aReporting New Security Problems with Apache Commons Compress\r\n\r\n\u94fe\u63a5\uff1ahttp://commons.apache.org/compress/security.html", "published": "2012-05-25T00:00:00", "type": "seebug", "title": "Apache Commons Compress\u548cApache Ant\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": 
"exploit", "cvelist": ["CVE-2012-2098"], "modified": "2012-05-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60155", "id": "SSV:60155", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2011-2085", "CVE-2012-2098", "CVE-2012-2216", "CVE-2011-4459", "CVE-2011-4458", "CVE-2011-2084", "CVE-2012-0220", "CVE-2012-2452", "CVE-2011-2082", "CVE-2012-2352", "CVE-2012-2435", "CVE-2012-2436", "CVE-2011-2083", "CVE-2011-4460"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2012-06-03T00:00:00", "published": "2012-06-03T00:00:00", "id": "SECURITYVULNS:VULN:12399", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12399", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2021-02-27T21:41:27", "bulletinFamily": "software", "cvelist": ["CVE-2012-2098", "CVE-2015-4000", "CVE-2015-8965", "CVE-2016-1000031", "CVE-2016-5725", "CVE-2017-12626", "CVE-2017-5611", "CVE-2017-5645", "CVE-2017-8028", "CVE-2018-0732", "CVE-2018-10237", "CVE-2018-11775", "CVE-2018-1258", "CVE-2018-1285", "CVE-2018-15756", "CVE-2018-20781", "CVE-2018-2587", "CVE-2018-7318", "CVE-2018-8032", "CVE-2018-9019", "CVE-2019-0188", "CVE-2019-0227", "CVE-2019-0230", "CVE-2019-0233", "CVE-2019-10086", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11135", "CVE-2019-11269", "CVE-2019-11358", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-13990", "CVE-2019-14862", "CVE-2019-1551", "CVE-2019-1559", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17563", "CVE-2019-17566",
"CVE-2019-17569", "CVE-2019-20892", "CVE-2019-20907", "CVE-2019-2697", "CVE-2019-3773", "CVE-2019-3778", "CVE-2019-5427", "CVE-2019-7164", "CVE-2019-7548", "CVE-2019-9511", "CVE-2019-9513", "CVE-2020-10531", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10725", "CVE-2020-10726", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11612", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11979", "CVE-2020-11984", "CVE-2020-11985", "CVE-2020-11993", "CVE-2020-11994", "CVE-2020-11996", "CVE-2020-11998", "CVE-2020-12723", "CVE-2020-13254", "CVE-2020-13596", "CVE-2020-13871", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13954", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14147", "CVE-2020-14195", "CVE-2020-14422", "CVE-2020-14750", "CVE-2020-14756", "CVE-2020-14803", "CVE-2020-15025", "CVE-2020-15358", "CVE-2020-17498", "CVE-2020-17521", "CVE-2020-17530", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24583", "CVE-2020-24584", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-25020", "CVE-2020-2555", "CVE-2020-25862", "CVE-2020-25863", "CVE-2020-25866", "CVE-2020-26575", "CVE-2020-27216", "CVE-2020-35460", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-5421", "CVE-2020-7064", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8265", "CVE-2020-8277", "CVE-2020-8287", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-1993", "CVE-2021-1994", "CVE-2021-1995", "CVE-2021-1996", "CVE-2021-1997", "CVE-2021-1998", "CVE-2021-1999", "CVE-2021-2000", "CVE-2021-2001", "CVE-2021-2002", 
"CVE-2021-2003", "CVE-2021-2004", "CVE-2021-2005", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2013", "CVE-2021-2014", "CVE-2021-2015", "CVE-2021-2016", "CVE-2021-2017", "CVE-2021-2018", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2023", "CVE-2021-2024", "CVE-2021-2025", "CVE-2021-2026", "CVE-2021-2027", "CVE-2021-2028", "CVE-2021-2029", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2033", "CVE-2021-2034", "CVE-2021-2035", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2039", "CVE-2021-2040", "CVE-2021-2041", "CVE-2021-2042", "CVE-2021-2043", "CVE-2021-2044", "CVE-2021-2045", "CVE-2021-2046", "CVE-2021-2047", "CVE-2021-2048", "CVE-2021-2049", "CVE-2021-2050", "CVE-2021-2051", "CVE-2021-2052", "CVE-2021-2054", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2057", "CVE-2021-2058", "CVE-2021-2059", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2062", "CVE-2021-2063", "CVE-2021-2064", "CVE-2021-2065", "CVE-2021-2066", "CVE-2021-2067", "CVE-2021-2068", "CVE-2021-2069", "CVE-2021-2070", "CVE-2021-2071", "CVE-2021-2072", "CVE-2021-2073", "CVE-2021-2074", "CVE-2021-2075", "CVE-2021-2076", "CVE-2021-2077", "CVE-2021-2078", "CVE-2021-2079", "CVE-2021-2080", "CVE-2021-2081", "CVE-2021-2082", "CVE-2021-2083", "CVE-2021-2084", "CVE-2021-2085", "CVE-2021-2086", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2089", "CVE-2021-2090", "CVE-2021-2091", "CVE-2021-2092", "CVE-2021-2093", "CVE-2021-2094", "CVE-2021-2096", "CVE-2021-2097", "CVE-2021-2098", "CVE-2021-2099", "CVE-2021-2100", "CVE-2021-2101", "CVE-2021-2102", "CVE-2021-2103", "CVE-2021-2104", "CVE-2021-2105", "CVE-2021-2106", "CVE-2021-2107", "CVE-2021-2108", "CVE-2021-2109", "CVE-2021-2110", "CVE-2021-2111", "CVE-2021-2112", "CVE-2021-2113", "CVE-2021-2114", "CVE-2021-2115", "CVE-2021-2116", "CVE-2021-2117", "CVE-2021-2118", "CVE-2021-2119", "CVE-2021-2120", "CVE-2021-2121", "CVE-2021-2122", "CVE-2021-2123", 
"CVE-2021-2124", "CVE-2021-2125", "CVE-2021-2126", "CVE-2021-2127", "CVE-2021-2128", "CVE-2021-2129", "CVE-2021-2130", "CVE-2021-2131"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 329 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2739494.1>).\n\n**Please note that since the release of the October 2020 Critical Patch Update, Oracle has released a Security Alert for Oracle WebLogic Server: [CVE-2020-14750 (November 1, 2020)](<https://www.oracle.com/security-alerts/alert-cve-2020-14750.html>). 
Customers are strongly advised to apply this Critical Patch Update, which includes patches for this Alert as well as additional patches.**\n", "modified": "2021-02-22T00:00:00", "published": "2021-01-19T00:00:00", "id": "ORACLE:CPUJAN2021", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2021", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}