In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. (CVE-2019-10086)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1395.
#
include('compat.inc');
if (description)
{
script_id(133867);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/26");
script_cve_id("CVE-2019-10086");
script_xref(name:"ALAS", value:"2020-1395");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_name(english:"Amazon Linux 2 : apache-commons-beanutils (ALAS-2020-1395)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class
was added which allows suppressing the ability for an attacker to
access the classloader via the class property available on all Java
objects. We, however were not using this by default characteristic of
the PropertyUtilsBean. (CVE-2019-10086)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1395.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update apache-commons-beanutils' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10086");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/20");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apache-commons-beanutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apache-commons-beanutils-javadoc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"AL2", reference:"apache-commons-beanutils-1.8.3-15.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"apache-commons-beanutils-javadoc-1.8.3-15.amzn2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-beanutils / apache-commons-beanutils-javadoc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
amazon | linux | apache-commons-beanutils | p-cpe:/a:amazon:linux:apache-commons-beanutils |
amazon | linux | apache-commons-beanutils-javadoc | p-cpe:/a:amazon:linux:apache-commons-beanutils-javadoc |
amazon | linux | 2 | cpe:/o:amazon:linux:2 |