Lucene search
K

EulerOS Virtualization 3.0.2.0 : apr-util (EulerOS-SA-2023-1691)

🗓️ 07 May 2023 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 22 Views

EulerOS Virtualization 3.0.2.0 apr-util CVE-2017-1261

Related
Refs
Code
ReporterTitlePublishedViews
Family
Gitee
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
16 May 202116:14
gitee
Gitee
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
27 Apr 202114:33
gitee
Gitee
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
22 Oct 202115:45
gitee
IBM Security Bulletins
Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)
15 Jun 201807:08
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2017-9798, CVE-2017-12618)
4 Feb 202016:40
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2017-9798, CVE-2017-12618)
10 Jul 201808:34
ibm
IBM Security Bulletins
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
25 Apr 201907:45
ibm
IBM Security Bulletins
WebSphere Application Server and IBM HTTP Server Security Bulletin List
13 Jul 202218:04
ibm
IBM Security Bulletins
Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9
15 Apr 202502:49
ibm
IBM Security Bulletins
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2017-9798, CVE-2017-12618)
16 Jun 201822:04
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(175226);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/20");

  script_cve_id("CVE-2017-12618");

  script_name(english:"EulerOS Virtualization 3.0.2.0 : apr-util (EulerOS-SA-2023-1691)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the apr-util package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

  - Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database
    files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with
    write access to the database can make a program or process using these functions crash, and cause a denial
    of service. (CVE-2017-12618)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1691
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?243f65d3");
  script_set_attribute(attribute:"solution", value:
"Update the affected apr-util packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12618");
  script_set_attribute(attribute:"cvss3_score_rationale", value:"Scoring adjustsed to align with CVSS 3.1 attack complexity guidance.");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:apr-util");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "apr-util-1.5.2-6.h1"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr-util");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Feb 2025 00:00Current
5.7Medium risk
Vulners AI Score5.7
CVSS 21.9
CVSS 34.7
EPSS0.00596
22