Description
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Related
{"id": "CVE-2022-219862", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-219862", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "published": "2022-02-25T08:27:56", "modified": "2022-02-25T08:27:56", "epss": [], "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "candidate", "references": [], "cvelist": ["CVE-2022-219862"], "immutableFields": [], "lastseen": "2022-02-25T08:27:56", "viewCount": 1409, "enchantments": {"backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0495"]}, {"type": "nessus", "idList": ["ROCKY_LINUX_RLSA-2022-495.NASL", "ROCKY_LINUX_RLSA-2022-496.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0495"]}, {"type": "redhat", "idList": ["RHSA-2022:0500"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-219862"]}, {"type": "rocky", "idList": ["RLSA-2022:495", "RLSA-2022:496"]}]}, "score": {"value": 1.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0495", "ALSA-2022:0496"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-0495.NASL", "ORACLELINUX_ELSA-2022-0495.NASL", "ORACLELINUX_ELSA-2022-0496.NASL", "ROCKY_LINUX_RLSA-2022-495.NASL", "ROCKY_LINUX_RLSA-2022-496.NASL"]}, {"type": "redhat", "idList": ["RHSA-2022:0495", "RHSA-2022:0496", "RHSA-2022:0499", "RHSA-2022:0500"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-219862"]}, {"type": "rocky", "idList": ["RLSA-2022:0495", "RLSA-2022:0496", "RLSA-2022:495", "RLSA-2022:496"]}]}, "vulnersScore": 1.5}, "_state": {"dependencies": 1691946178, "score": 1691948408, "epss": 0}, "_internal": {"score_hash": "9f08dcc2d316ee6ca6a68b2eeddf49fc"}, "cna_cvss": {}, "cpe": [], "cpe23": [], "cwe": [], "affectedSoftware": [], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": [], "product_info": [], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [], "exploits": [], "assigned": "1976-01-01T00:00:00"}
{"almalinux": [{"lastseen": "2022-09-14T18:10:39", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-02-09T08:26:35", "type": "almalinux", "title": "Important: .NET 6.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-02-12T10:13:41", "id": "ALSA-2022:0496", "href": "https://errata.almalinux.org/8/ALSA-2022-0496.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-04-20T17:10:56", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-02-09T08:26:30", "type": "almalinux", "title": "Important: .NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-02-09T20:42:50", "id": "ALSA-2022:0495", "href": "https://errata.almalinux.org/8/ALSA-2022-0495.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "rocky": [{"lastseen": "2022-03-02T15:15:06", "description": "An update for .NET 5.0 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-02-09T21:31:50", "type": "rocky", "title": ".NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-02-09T21:31:50", "id": "RLSA-2022:495", "href": "https://errata.rockylinux.org/RLSA-2022:495", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-02T15:15:06", "description": "An update for .NET 6.0 is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-02-09T21:30:56", "type": "rocky", "title": ".NET 6.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-02-09T21:30:56", "id": "RLSA-2022:496", "href": "https://errata.rockylinux.org/RLSA-2022:496", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-24T17:24:53", "description": "An update is available for dotnet6.0.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T08:26:35", "type": "rocky", "title": ".NET 6.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-09T08:26:35", "id": "RLSA-2022:0496", "href": "https://errata.rockylinux.org/RLSA-2022:0496", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-07-24T17:24:53", "description": "An update is available for dotnet5.0.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T08:26:30", "type": "rocky", "title": ".NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-09T08:26:30", "id": "RLSA-2022:0495", "href": "https://errata.rockylinux.org/RLSA-2022:0495", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:41:24", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:495 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : .NET 5.0 (RLSA-2022:495)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-04-27T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0", "p-cpe:/a:rocky:linux:aspnetcore-runtime-6.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:rocky:linux:dotnet", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-host", "p-cpe:/a:rocky:linux:dotnet-host-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-6.0", "p-cpe:/a:rocky:linux:dotnet-runtime-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0-source-built-artifacts", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-6.0", "p-cpe:/a:rocky:linux:dotnet-templates-5.0", "p-cpe:/a:rocky:linux:dotnet-templates-6.0", "p-cpe:/a:rocky:linux:dotnet5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet5.0-debugsource", "p-cpe:/a:rocky:linux:dotnet6.0-debuginfo", "p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-495.NASL", "href": "https://www.tenable.com/plugins/nessus/157863", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:495.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157863);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/27\");\n\n script_cve_id(\"CVE-2022-219862\");\n script_xref(name:\"RLSA\", value:\"2022:495\");\n script_xref(name:\"IAVA\", value:\"2022-A-0078-S\");\n\n script_name(english:\"Rocky Linux 8 : .NET 5.0 (RLSA-2022:495)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:495 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2051490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-219862\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-debuginfo-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-debuginfo-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-debuginfo-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-debuginfo-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debuginfo-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debugsource-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-runtime-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:25", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0495 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-11T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : .NET 5.0 (ALSA-2022:0495)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-03-11T00:00:00", "cpe": ["p-cpe:/a:alma:linux:aspnetcore-runtime-5.0", "p-cpe:/a:alma:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:alma:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:alma:linux:dotnet-hostfxr-5.0", "p-cpe:/a:alma:linux:dotnet-runtime-5.0", "p-cpe:/a:alma:linux:dotnet-sdk-5.0", "p-cpe:/a:alma:linux:dotnet-sdk-5.0-source-built-artifacts", "p-cpe:/a:alma:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:alma:linux:dotnet-templates-5.0", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-0495.NASL", "href": "https://www.tenable.com/plugins/nessus/158849", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:0495.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158849);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/11\");\n\n script_cve_id(\"CVE-2022-219862\");\n script_xref(name:\"ALSA\", value:\"2022:0495\");\n script_xref(name:\"IAVA\", value:\"2022-A-0101\");\n\n script_name(english:\"AlmaLinux 8 : .NET 5.0 (ALSA-2022:0495)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:0495 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-0495.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-219862\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-5.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:48:43", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:496 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : .NET 6.0 (RLSA-2022:496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-219862"], "modified": "2022-04-27T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0", "p-cpe:/a:rocky:linux:aspnetcore-runtime-6.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:rocky:linux:dotnet", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-host", "p-cpe:/a:rocky:linux:dotnet-host-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0", "p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-6.0", "p-cpe:/a:rocky:linux:dotnet-runtime-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-5.0-source-built-artifacts", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-6.0", "p-cpe:/a:rocky:linux:dotnet-templates-5.0", "p-cpe:/a:rocky:linux:dotnet-templates-6.0", "p-cpe:/a:rocky:linux:dotnet5.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet5.0-debugsource", "p-cpe:/a:rocky:linux:dotnet6.0-debuginfo", "p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-496.NASL", "href": "https://www.tenable.com/plugins/nessus/157864", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:496.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157864);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/27\");\n\n script_cve_id(\"CVE-2022-219862\");\n script_xref(name:\"RLSA\", value:\"2022:496\");\n script_xref(name:\"IAVA\", value:\"2022-A-0078-S\");\n\n script_name(english:\"Rocky Linux 8 : .NET 6.0 (RLSA-2022:496)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:496 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2051490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-219862\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-5.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet5.0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-debuginfo-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-debuginfo-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-debuginfo-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-debuginfo-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-debuginfo-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.14-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.2-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debuginfo-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet5.0-debugsource-5.0.211-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet6.0-debuginfo-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.102-1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.102-1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-runtime-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:38", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0495 advisory.\n\n - dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / 5.0 (ELSA-2022-0495)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-5.0", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-hostfxr-5.0", "p-cpe:/a:oracle:linux:dotnet-runtime-5.0", "p-cpe:/a:oracle:linux:dotnet-sdk-5.0", "p-cpe:/a:oracle:linux:dotnet-sdk-5.0-source-built-artifacts", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-templates-5.0"], "id": "ORACLELINUX_ELSA-2022-0495.NASL", "href": "https://www.tenable.com/plugins/nessus/158099", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0495.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158099);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2022-21986\");\n\n script_name(english:\"Oracle Linux 8 : .NET / 5.0 (ELSA-2022-0495)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-0495 advisory.\n\n - dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0495.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21986\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-5.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-5.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.14-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.14-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.14-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.14-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.14-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.211-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.14-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.211-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / dotnet-apphost-pack-5.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:23", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0496 advisory.\n\n - dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / 6.0 (ELSA-2022-0496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-6.0", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:oracle:linux:dotnet", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-6.0", "p-cpe:/a:oracle:linux:dotnet-host", "p-cpe:/a:oracle:linux:dotnet-hostfxr-6.0", "p-cpe:/a:oracle:linux:dotnet-runtime-6.0", "p-cpe:/a:oracle:linux:dotnet-sdk-6.0", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-6.0", "p-cpe:/a:oracle:linux:dotnet-templates-6.0", "p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1"], "id": "ORACLELINUX_ELSA-2022-0496.NASL", "href": "https://www.tenable.com/plugins/nessus/158726", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0496.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158726);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2022-21986\");\n\n script_name(english:\"Oracle Linux 8 : .NET / 6.0 (ELSA-2022-0496)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-0496 advisory.\n\n - dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0496.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21986\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-6.0-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.102-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.102-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.102-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.102-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.2-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.2-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.102-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.102-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.102-1.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.102-1.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-08-16T15:27:36", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T08:26:35", "type": "redhat", "title": "(RHSA-2022:0496) Important: .NET 6.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-10T15:14:18", "id": "RHSA-2022:0496", "href": "https://access.redhat.com/errata/RHSA-2022:0496", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T08:26:30", "type": "redhat", "title": "(RHSA-2022:0495) Important: .NET 5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-10T15:13:25", "id": "RHSA-2022:0495", "href": "https://access.redhat.com/errata/RHSA-2022:0495", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T13:31:57", "type": "redhat", "title": "(RHSA-2022:0499) Important: .NET 5.0 on RHEL 7 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-10T15:15:00", "id": "RHSA-2022:0499", "href": "https://access.redhat.com/errata/RHSA-2022:0499", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T13:32:02", "type": "redhat", "title": "(RHSA-2022:0500) Important: .NET 6.0 on RHEL 7 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-10T15:16:25", "id": "RHSA-2022:0500", "href": "https://access.redhat.com/errata/RHSA-2022:0500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-02-09T23:28:21", "description": "A vulnerability was found in dotnet\u2019s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-08T19:14:53", "type": "redhatcve", "title": "CVE-2022-219862", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-21986", "CVE-2022-219862"], "modified": "2022-02-09T21:22:46", "id": "RH:CVE-2022-219862", "href": "https://access.redhat.com/security/cve/cve-2022-219862", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2022-219862
