Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-1982.NASL
HistoryJun 28, 2021 - 12:00 a.m.

EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2021-1982)

2021-06-2800:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-14779)

  • Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-14798)

  • Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-14797)

  • Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-14781)

  • Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-14796)

  • Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15 Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-14782)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151032);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/30");

  script_cve_id(
    "CVE-2020-14779",
    "CVE-2020-14781",
    "CVE-2020-14782",
    "CVE-2020-14796",
    "CVE-2020-14797",
    "CVE-2020-14798"
  );

  script_name(english:"EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2021-1982)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the java-1.8.0-openjdk packages
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - Vulnerability in the Java SE, Java SE Embedded product
    of Oracle Java SE (component: Serialization). Supported
    versions that are affected are Java SE: 7u271, 8u261,
    11.0.8 and 15 Java SE Embedded: 8u261. Difficult to
    exploit vulnerability allows unauthenticated attacker
    with network access via multiple protocols to
    compromise Java SE, Java SE Embedded. Successful
    attacks of this vulnerability can result in
    unauthorized ability to cause a partial denial of
    service (partial DOS) of Java SE, Java SE
    Embedded.(CVE-2020-14779)

  - Vulnerability in the Java SE, Java SE Embedded product
    of Oracle Java SE (component: Libraries). Supported
    versions that are affected are Java SE: 7u271, 8u261,
    11.0.8 and 15 Java SE Embedded: 8u261. Difficult to
    exploit vulnerability allows unauthenticated attacker
    with network access via multiple protocols to
    compromise Java SE, Java SE Embedded. Successful
    attacks require human interaction from a person other
    than the attacker. Successful attacks of this
    vulnerability can result in unauthorized update, insert
    or delete access to some of Java SE, Java SE Embedded
    accessible data.(CVE-2020-14798)

  - Vulnerability in the Java SE, Java SE Embedded product
    of Oracle Java SE (component: Libraries). Supported
    versions that are affected are Java SE: 7u271, 8u261,
    11.0.8 and 15 Java SE Embedded: 8u261. Difficult to
    exploit vulnerability allows unauthenticated attacker
    with network access via multiple protocols to
    compromise Java SE, Java SE Embedded. Successful
    attacks of this vulnerability can result in
    unauthorized update, insert or delete access to some of
    Java SE, Java SE Embedded accessible
    data.(CVE-2020-14797)

  - Vulnerability in the Java SE, Java SE Embedded product
    of Oracle Java SE (component: JNDI). Supported versions
    that are affected are Java SE: 7u271, 8u261, 11.0.8 and
    15 Java SE Embedded: 8u261. Difficult to exploit
    vulnerability allows unauthenticated attacker with
    network access via multiple protocols to compromise
    Java SE, Java SE Embedded. Successful attacks of this
    vulnerability can result in unauthorized read access to
    a subset of Java SE, Java SE Embedded accessible
    data.(CVE-2020-14781)

  - Vulnerability in the Java SE, Java SE Embedded product
    of Oracle Java SE (component: Libraries). Supported
    versions that are affected are Java SE: 7u271, 8u261,
    11.0.8 and 15 Java SE Embedded: 8u261. Difficult to
    exploit vulnerability allows unauthenticated attacker
    with network access via multiple protocols to
    compromise Java SE, Java SE Embedded. Successful
    attacks require human interaction from a person other
    than the attacker. Successful attacks of this
    vulnerability can result in unauthorized read access to
    a subset of Java SE, Java SE Embedded accessible
    data.(CVE-2020-14796)

  - Vulnerability in the Java SE, Java SE Embedded product
    of Oracle Java SE (component: Libraries). Supported
    versions that are affected are Java SE: 7u271, 8u261,
    11.0.8 and 15 Java SE Embedded: 8u261. Difficult to
    exploit vulnerability allows unauthenticated attacker
    with network access via multiple protocols to
    compromise Java SE, Java SE Embedded. Successful
    attacks of this vulnerability can result in
    unauthorized update, insert or delete access to some of
    Java SE, Java SE Embedded accessible
    data.(CVE-2020-14782)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1982
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69e7a8cd");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.8.0-openjdk packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14797");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["java-1.8.0-openjdk-1.8.0.181.b15-5.h18.eulerosv2r8",
        "java-1.8.0-openjdk-devel-1.8.0.181.b15-5.h18.eulerosv2r8",
        "java-1.8.0-openjdk-headless-1.8.0.181.b15-5.h18.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk");
}
VendorProductVersionCPE
huaweieulerosjava-1.8.0-openjdkp-cpe:/a:huawei:euleros:java-1.8.0-openjdk
huaweieulerosjava-1.8.0-openjdk-develp-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel
huaweieulerosjava-1.8.0-openjdk-headlessp-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 24
redhat 11
nessus 57
ibm 74
suse 2
fedora 6
osv 4
ubuntu 2
kaspersky 1
debian 2
aix 1
mageia 1
centos 3
oraclelinux 5
amazon 3
f5 2
gentoo 1
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2021-1982)
2021-06-29 00:00:00
Oracle Java SE Security Update (cpuoct2020 - 01) - Windows
2020-10-21 00:00:00
Oracle Java SE Security Update (cpuoct2020 - 01) - Linux
2020-10-21 00:00:00
redhat
redhat
(RHSA-2020:5586) Moderate: java-1.7.1-ibm security update
2020-12-16 14:59:17
(RHSA-2020:4349) Moderate: java-1.8.0-openjdk security update
2020-10-26 19:47:32
(RHSA-2020:4307) Moderate: java-11-openjdk security update
2020-10-22 10:29:24
nessus
nessus
RHEL 7 : java-1.7.1-ibm (RHSA-2020:5586)
2020-12-18 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenJDK vulnerabilities (USN-4607-1)
2020-10-28 00:00:00
Amazon Corretto Java 8.x < 8.272.10.3 Multiple Vulnerabilities
2022-04-01 00:00:00
ibm
ibm
Security Bulletin: Security Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - affect multiple IBM Continuous Engineering products based on IBM Jazz Technology
2021-12-01 18:20:55
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager
2021-01-21 16:11:45
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager
2021-11-25 09:04:23
suse
suse
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc33
2020-10-26 01:07:14
[SECURITY] Fedora 31 Update: java-11-openjdk-11.0.9.11-0.fc31
2020-10-31 02:02:15
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc32
2020-10-31 02:02:10
osv
osv
openjdk-11 - security update
2020-10-25 00:00:00
openjdk-8, openjdk-lts vulnerabilities
2020-10-27 23:15:43
openjdk-8, openjdk-lts regressions
2020-11-12 21:58:30
ubuntu
ubuntu
OpenJDK vulnerabilities
2020-10-27 00:00:00
OpenJDK regressions
2020-11-12 00:00:00
kaspersky
kaspersky
KLA11985 Multiple vulnerabilities in Oracle Java SE
2020-10-20 00:00:00
debian
debian
[SECURITY] [DLA 2412-1] openjdk-8 security update
2020-10-30 09:23:09
[SECURITY] [DSA 4779-1] openjdk-11 security update
2020-10-25 10:14:25
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2021-03-15 10:22:29
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36
centos
centos
java security update
2020-11-06 21:58:30
java security update
2020-11-09 13:12:26
java security update
2020-11-06 21:59:28
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2020-10-27 00:00:00
java-11-openjdk security and bug fix update
2020-10-22 00:00:00
java-1.8.0-openjdk security and bug fix update
2020-10-27 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk
2021-01-05 23:34:00
Medium: java-1.8.0-openjdk
2021-01-12 22:51:00
Medium: java-1.8.0-openjdk
2020-12-16 20:31:00
f5
f5
K000135534 : Java vulnerabilities CVE-2020-14779, CVE-2020-14782
2023-07-19 00:00:00
K45012029 : OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803
2022-10-25 00:00:00
gentoo
gentoo
OpenJDK: Multiple vulnerabilities
2021-01-25 00:00:00
JSON
Related for EULEROS_SA-2021-1982.NASL
openvas24redhat11nessus57ibm74suse2fedora6osv4ubuntu2kaspersky1debian2aix1mageia1centos3oraclelinux5amazon3f52gentoo1