Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2014-6938.NASLHistoryJun 18, 2014 - 12:00 a.m.
Fedora 19 : mod_wsgi-3.5-1.fc19 (2014-6938)
2014-06-1800:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.071 Low
EPSS
Percentile
94.0%
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht ml
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-6938.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(76095);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2014-0240", "CVE-2014-0242");
script_bugtraq_id(67532, 67932);
script_xref(name:"FEDORA", value:"2014-6938");
script_name(english:"Fedora 19 : mod_wsgi-3.5-1.fc19 (2014-6938)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht
ml
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?6e385372"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1101863"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1101873"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134459.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?7d6022df"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mod_wsgi package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_wsgi");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
script_set_attribute(attribute:"patch_publication_date", value:"2014/05/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC19", reference:"mod_wsgi-3.5-1.fc19")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mod_wsgi");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | mod_wsgi | p-cpe:/a:fedoraproject:fedora:mod_wsgi |
| fedoraproject | fedora | 19 | cpe:/o:fedoraproject:fedora:19 |
Related
nessus
nessus
Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)
2014-10-12 00:00:00
RHEL 6 : mod_wsgi (RHSA-2014:0788)
2014-06-26 00:00:00
gentoo
gentoo
mod_wsgi: Privilege escalation
2014-12-13 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-376)
2015-09-08 00:00:00
Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)
2014-05-27 00:00:00
Ubuntu: Security Advisory (USN-2222-1)
2014-06-02 00:00:00
amazon
amazon
Important: mod_wsgi
2014-07-09 23:07:00
Important: mod24_wsgi
2014-07-09 23:02:00
securityvulns
securityvulns
mod-wsgi security vulnerabilities
2014-05-29 00:00:00
[SECURITY] [DSA 2937-1] mod-wsgi security update
2014-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19
2014-06-17 23:35:19
[SECURITY] Fedora 20 Update: mod_wsgi-3.5-1.fc20
2014-06-17 23:26:05
redhat
redhat
(RHSA-2014:0788) Important: mod_wsgi security update
2014-06-25 00:00:00
(RHSA-2014:1091) Important: mod_wsgi security update
2014-08-25 00:00:00
ubuntu
ubuntu
mod_wsgi vulnerabilities
2014-05-26 00:00:00
centos
centos
mod_wsgi security update
2014-06-25 19:01:10
mod_wsgi security update
2014-08-25 12:17:55
oraclelinux
oraclelinux
mod_wsgi security update
2014-06-25 00:00:00
mod_wsgi security update
2014-08-25 00:00:00
osv
osv
mod-wsgi - security update
2014-05-27 00:00:00
debian
debian
[SECURITY] [DSA 2937-1] mod-wsgi security update
2014-05-27 14:35:16
veracode
veracode
Information Disclosure
2019-05-02 04:58:48
Privilege Escalation
2019-01-15 08:54:30
debiancve
debiancve
CVE-2014-0242
2019-12-09 20:15:09
CVE-2014-0240
2014-05-27 15:00:00
nvd
nvd
CVE-2014-0240
2014-05-27 14:55:12
CVE-2014-0242
2019-12-09 20:15:09
cvelist
cvelist
CVE-2014-0240
2014-05-27 15:00:00
CVE-2014-0242
2019-12-09 19:33:29
prion
prion
Design/Logic Flaw
2019-12-09 20:15:00
Code injection
2014-05-27 14:55:00
ubuntucve
ubuntucve
CVE-2014-0242
2014-05-23 00:00:00
CVE-2014-0240
2014-05-23 00:00:00
cve
cve
CVE-2014-0240
2014-05-27 15:00:00
CVE-2014-0242
2019-12-09 20:15:09
6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.071 Low
EPSS
Percentile
94.0%
Related for FEDORA_2014-6938.NASL