Lucene search
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1300.NASLHistoryApr 30, 2019 - 12:00 a.m.
EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2019-1300)
2019-04-3000:00:00
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
0.002 Low
EPSS
Percentile
52.6%
According to the version of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- OpenJDK: memory disclosure in FileChannelImpl.
(CVE-2019-2422)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(124396);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");
script_cve_id("CVE-2019-2422");
script_name(english:"EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2019-1300)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the java-1.8.0-openjdk packages
installed, the EulerOS installation on the remote host is affected by
the following vulnerability :
- OpenJDK: memory disclosure in FileChannelImpl.
(CVE-2019-2422)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1300
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ff86735");
script_set_attribute(attribute:"solution", value:
"Update the affected java-1.8.0-openjdk package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2422");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["java-1.8.0-openjdk-1.8.0.191.b12-0.h1",
"java-1.8.0-openjdk-devel-1.8.0.191.b12-0.h1",
"java-1.8.0-openjdk-headless-1.8.0.191.b12-0.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | java-1.8.0-openjdk | p-cpe:/a:huawei:euleros:java-1.8.0-openjdk |
| huawei | euleros | java-1.8.0-openjdk-devel | p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel |
| huawei | euleros | java-1.8.0-openjdk-headless | p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
redhat
redhat
(RHSA-2019:0462) Moderate: java-1.7.0-openjdk security update
2019-03-05 15:38:50
(RHSA-2019:0436) Moderate: java-11-openjdk security update
2019-02-28 08:30:33
(RHSA-2019:0416) Moderate: java-1.8.0-openjdk security update
2019-02-26 10:00:40
ubuntu
ubuntu
OpenJDK 7 vulnerability
2019-04-09 00:00:00
OpenJDK vulnerability
2019-01-30 00:00:00
OpenJDK 11 vulnerability
2019-04-16 00:00:00
nessus
nessus
RHEL 7 : java-1.7.0-openjdk (RHSA-2019:0464)
2019-03-06 00:00:00
Ubuntu 18.04 LTS : OpenJDK 11 vulnerability (USN-3949-1)
2019-04-17 00:00:00
Ubuntu 16.04 LTS : OpenJDK vulnerability (USN-3875-1)
2019-01-31 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4410-1)
2019-03-19 00:00:00
CentOS Update for java CESA-2019:0464 centos7
2019-03-06 00:00:00
prion
prion
Design/Logic Flaw
2019-01-16 19:30:00
osv
osv
openjdk-7 - security update
2019-03-27 00:00:00
openjdk-8 - security update
2019-03-20 00:00:00
centos
centos
java security update
2019-03-06 00:38:36
java security update
2019-03-06 00:33:04
java security update
2019-02-26 18:10:55
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2019-03-05 00:00:00
java-1.7.0-openjdk security update
2019-03-05 00:00:00
java-11-openjdk security update
2019-03-02 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk, java-1.7.0-openjdk
2019-03-21 19:21:00
Medium: java-1.7.0-openjdk
2019-03-18 19:02:00
debian
debian
[SECURITY] [DSA 4410-1] openjdk-8 security update
2019-03-20 22:03:03
[SECURITY] [DLA 1732-1] openjdk-7 security update
2019-03-27 09:41:27
cve
cve
CVE-2019-2422
2019-01-16 19:30:31
debiancve
debiancve
CVE-2019-2422
2019-01-16 19:30:31
redhatcve
redhatcve
CVE-2019-2422
2019-10-19 18:58:44
veracode
veracode
Information Disclosure
2019-05-16 03:56:39
alpinelinux
alpinelinux
CVE-2019-2422
2019-01-16 19:30:31
ubuntucve
ubuntucve
CVE-2019-2422
2019-01-16 00:00:00
nvd
nvd
CVE-2019-2422
2019-01-16 19:30:31
cvelist
cvelist
CVE-2019-2422
2019-01-16 19:00:00
ibm
ibm
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-03-18 00:00:00
Security update for java-11-openjdk (important)
2019-02-12 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
f5
f5
kaspersky
kaspersky
KLA11403 Multiple vulnerabilities in Oracle Java SE
2019-01-15 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-02-13 14:08:25
photon
photon
Important Photon OS Security Update - PHSA-2019-0232
2019-05-09 00:00:00
Critical Photon OS Security Update - PHSA-2019-0002
2019-02-26 00:00:00
Critical Photon OS Security Update - PHSA-2019-0159
2019-05-10 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-04-16 10:52:12
gentoo
gentoo
Oracle JDK/JRE: Multiple vulnerabilities
2019-03-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
0.002 Low
EPSS
Percentile
52.6%
Related for EULEROS_SA-2019-1300.NASL