
Debian DLA-2181-1 : shiro security update

Debian DLA-2181-1: security update for a path-traversal issue in Apache Shiro that can lead to an authentication bypass; fixed in shiro version 1.2.3-1+deb8u1 for Debian 8 'Jessie'.

Reporter | Title | Published | Views
Family
Debian
[SECURITY] [DLA 2181-1] shiro security update
19 Apr 202009:31
debian
Debian
[SECURITY] [DLA 2273-1] shiro security update
8 Jul 202014:55
debian
OSV
shiro - security update
19 Apr 202000:00
osv
OSV
Improper Authentication in Apache Shiro
7 May 202115:53
osv
OSV
CVE-2020-1957
25 Mar 202016:15
osv
OSV
shiro vulnerabilities
18 Feb 202120:35
osv
OSV
shiro - security update
8 Jul 202000:00
osv
Veracode
Authentication Bypass
25 Mar 202003:09
veracode
Debian CVE
CVE-2020-1957
25 Mar 202016:15
debiancve
Prion
Authentication flaw
25 Mar 202016:15
prion
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2181-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration block: executed only when `description` is set. It declares
# the plugin's metadata (identity, advisory text, scoring, dependencies) and
# then exits, so none of the check code further down runs in this mode.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(135724);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");

  # The single CVE this advisory check is mapped to.
  script_cve_id("CVE-2020-1957");

  script_name(english:"Debian DLA-2181-1 : shiro security update");

  # Synopsis and description are the advisory text shown in scan results.
  # The description names the issue class (path traversal leading to an
  # authentication bypass) and the fixed version for Debian 8 'Jessie'.
  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It was discovered that there was a path-traversal issue in Apache
Shiro, a security framework for the Java programming language. A
specially crafted request could cause an authentication bypass.

For Debian 8 'Jessie', this issue has been fixed in shiro version
1.2.3-1+deb8u1.

We recommend that you upgrade your shiro packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
  # References: the debian-lts-announce post and the jessie source package page.
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/04/msg00014.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/shiro");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected libshiro-java package.");
  # CVSSv2 base: network vector, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  # Temporal: exploit unproven, official fix, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # CVSSv3.0 base: network vector, low complexity, no privileges, no user
  # interaction, scope unchanged, high impact on C/I/A. The temporal metrics
  # match the v2 ones above.
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  # Scores are attributed to the CVE entry rather than to the Debian advisory.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1957");

  # NOTE(review): exploit availability is a static value recorded in the
  # plugin (last modified 2024/03/15 above); confirm against current
  # intelligence before relying on it for patch prioritisation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Timeline: CVE disclosure, Debian fix, and first release of this plugin.
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/20");

  # Declared as a "local" plugin: it works from host data listed in
  # script_require_keys below (the dpkg package list), not from a probe of
  # the Shiro-protected application itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPEs scope the finding to the libshiro-java package on Debian 8.0.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libshiro-java");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # Registered in the information-gathering category and the Debian local
  # checks family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Must run after ssh_get_info.nasl and needs these three KB entries.
  # NOTE(review): presumably ssh_get_info.nasl populates them through an
  # authenticated login; without working credentials this plugin cannot
  # report either way. Confirm against the scanner configuration.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # End of registration; the checks below are skipped in description mode.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: each KB entry must be present before the package check can
# be trusted. A missing entry ends the run through audit() with a distinct
# reason, so "not checked" is reported differently from "not affected".
if (!get_kb_item("Host/local_checks_enabled"))
{
  # Local (host-side) checks were not enabled for this target.
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  # No Debian release was recorded for the host.
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  # The installed-package list was not collected.
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Package check for DLA-2181-1: libshiro-java on Debian 8.0 against the fixed
# version 1.2.3-1+deb8u1.
# NOTE(review): deb_check() comes from debian_package.inc, which is not shown
# here; presumably it compares the installed dpkg version with `reference`.
# A hit means the package is unpatched. It does not show that an application
# using Shiro is deployed or reachable on this host.
flag = 0;
if (deb_check(release:"8.0", prefix:"libshiro-java", reference:"1.2.3-1+deb8u1"))
{
  flag++;
}

if (!flag)
{
  # No outdated package matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Report the finding on port 0; include the package report text only when
  # report verbosity is above 0.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:deb_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}

20 Apr 2020 00:00 (Current)
9.5 (High risk)
Vulners AI Score: 9.5
CVSS2: 7.5
CVSS3: 9.8
EPSS: 0.008