Lucene search
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL01049383.NASLHistoryDec 31, 2019 - 12:00 a.m.
F5 Networks BIG-IP : BIG-IP restjavad vulnerability (K01049383)
2019-12-3100:00:00
This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
28.4%
Sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.
(CVE-2019-6662)
Impact
When logging invalid requests,such as HTTP code 400 errors, the restjavad process includes the request body in the log message. During authentication operations, the request body includes credentialsand potentially other sensitive data, which is propagated to the log. No information is directly exposed, and attacks will not be able to take control when 400 errors occur, butwhen the system is in a state in which processing errors occur, sensitive data may be logged. Users with access to logs will be able to view that data.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K01049383.
#
# The text description of this plugin is (C) F5 Networks.
#
include('compat.inc');
if (description)
{
script_id(132549);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");
script_cve_id("CVE-2019-6662");
script_name(english:"F5 Networks BIG-IP : BIG-IP restjavad vulnerability (K01049383)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"Sensitive information is logged into the local log files and/or remote
logging targets when restjavad processes an invalid request. Users
with access to the log files would be able to view that data.
(CVE-2019-6662)
Impact
When logging invalid requests,such as HTTP code 400 errors, the
restjavad process includes the request body in the log message. During
authentication operations, the request body includes credentialsand
potentially other sensitive data, which is propagated to the log. No
information is directly exposed, and attacks will not be able to take
control when 400 errors occur, butwhen the system is in a state in
which processing errors occur, sensitive data may be logged. Users
with access to logs will be able to view that data.");
script_set_attribute(attribute:"see_also", value:"https://my.f5.com/manage/s/article/K01049383");
script_set_attribute(attribute:"solution", value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K01049383.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6662");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/15");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_domain_name_system");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"F5 Networks Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
include('f5_func.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var version = get_kb_item('Host/BIG-IP/version');
if ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');
if ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');
if ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');
var sol = 'K01049383';
var vmatrix = {
'AFM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'AM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'APM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'ASM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'AVR': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'DNS': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'GTM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'LC': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'LTM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'PEM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
},
'WAM': {
'affected': [
'13.1.0-13.1.1'
],
'unaffected': [
'14.0.0','13.1.1.5'
],
}
};
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
var extra = NULL;
if (report_verbosity > 0) extra = bigip_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
}
else
{
var tested = bigip_get_tested_modules();
var audit_extra = 'For BIG-IP module(s) ' + tested + ',';
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, 'running any of the affected modules');
}
Related
cve
cve
CVE-2019-6662
2019-11-15 21:15:11
prion
prion
Design/Logic Flaw
2019-11-15 21:15:00
f5
f5
K01049383 : BIG-IP restjavad vulnerability CVE-2019-6662
2019-11-14 00:00:00
nvd
nvd
CVE-2019-6662
2019-11-15 21:15:11
cvelist
cvelist
CVE-2019-6662
2019-11-15 20:45:17
symantec
symantec
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
28.4%
Related for F5_BIGIP_SOL01049383.NASL