Description
Fix for CVE-2020-11078
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
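Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. For context, the advisories listed under Related describe CVE-2020-11078 as a CRLF injection in httplib2 before 0.18.0: an attacker who controls an unescaped part of the URI passed to `httplib2.Http.request()` could change request headers and body. The plugin source in the record below is a local package check that compares the installed RPM against python-httplib2-0.18.1-3.fc32; it does not test whether any application on the host builds URIs from untrusted input.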
Related
{"id": "FEDORA_2020-A7A15A9687.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 32 : python-httplib2 (2020-a7a15a9687)", "description": "Fix for CVE-2020-11078\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-06-17T00:00:00", "modified": "2020-06-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/137428", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11078", "https://bodhi.fedoraproject.org/updates/FEDORA-2020-a7a15a9687"], "cvelist": ["CVE-2020-11078"], "immutableFields": [], "lastseen": "2022-07-06T14:12:33", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1420"]}, {"type": "centos", "idList": ["CESA-2020:5003", "CESA-2020:5004"]}, {"type": "cve", "idList": ["CVE-2020-11078"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2232-1:7D37D", "DEBIAN:DLA-2232-1:FEE15"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-11078"]}, {"type": "fedora", "idList": ["FEDORA:5F7713111683", "FEDORA:6A1FD313C27B"]}, {"type": "github", "idList": ["GHSA-GG84-QGV9-W4PQ"]}, {"type": "nessus", "idList": ["ALA_ALAS-2020-1420.NASL", "CENTOS8_RHSA-2020-4605.NASL", "CENTOS_RHSA-2020-5003.NASL", "CENTOS_RHSA-2020-5004.NASL", "DEBIAN_DLA-2232.NASL", "FEDORA_2020-37779A5C93.NASL", "NEWSTART_CGSL_NS-SA-2021-0028_FENCE-AGENTS.NASL", "NEWSTART_CGSL_NS-SA-2021-0034_RESOURCE-AGENTS.NASL", "NEWSTART_CGSL_NS-SA-2021-0146_FENCE-AGENTS.NASL", 
"NEWSTART_CGSL_NS-SA-2021-0155_RESOURCE-AGENTS.NASL", "OPENSUSE-2021-1806.NASL", "OPENSUSE-2021-772.NASL", "ORACLELINUX_ELSA-2020-5003.NASL", "ORACLELINUX_ELSA-2020-5947.NASL", "REDHAT-RHSA-2020-4605.NASL", "REDHAT-RHSA-2020-5003.NASL", "REDHAT-RHSA-2020-5004.NASL", "REDHAT-RHSA-2021-2116.NASL", "VIRTUOZZO_VZLSA-2020-5003.NASL", "VIRTUOZZO_VZLSA-2020-5004.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877959", "OPENVAS:1361412562310877983", "OPENVAS:1361412562310892232"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5003", "ELSA-2020-5004", "ELSA-2020-5947"]}, {"type": "redhat", "idList": ["RHSA-2020:4605", "RHSA-2020:5003", "RHSA-2020:5004", "RHSA-2021:2116"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11078"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0772-1", "OPENSUSE-SU-2021:0796-1", "OPENSUSE-SU-2021:1806-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11078"]}], "rev": 4}, "score": {"value": 6.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1420"]}, {"type": "centos", "idList": ["CESA-2020:5003", "CESA-2020:5004"]}, {"type": "cve", "idList": ["CVE-2020-11078"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2232-1:7D37D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-11078"]}, {"type": "fedora", "idList": ["FEDORA:5F7713111683", "FEDORA:6A1FD313C27B"]}, {"type": "github", "idList": ["GHSA-GG84-QGV9-W4PQ"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2020-5003.NASL", "CENTOS_RHSA-2020-5004.NASL", "DEBIAN_DLA-2232.NASL", "OPENSUSE-2021-1806.NASL", "ORACLELINUX_ELSA-2020-5003.NASL", "ORACLELINUX_ELSA-2020-5947.NASL", "REDHAT-RHSA-2020-4605.NASL", "REDHAT-RHSA-2020-5003.NASL", "REDHAT-RHSA-2020-5004.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892232"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5003", "ELSA-2020-5947"]}, {"type": "redhat", "idList": ["RHSA-2020:4605"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11078"]}, {"type": "suse", "idList": 
["OPENSUSE-SU-2021:0772-1", "OPENSUSE-SU-2021:0796-1", "OPENSUSE-SU-2021:1806-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11078"]}]}, "exploitation": null, "vulnersScore": 6.3}, "_state": {"dependencies": 0}, "_internal": {}, "pluginID": "137428", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a7a15a9687.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137428);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"FEDORA\", value:\"2020-a7a15a9687\");\n\n script_name(english:\"Fedora 32 : python-httplib2 (2020-a7a15a9687)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fix for CVE-2020-11078\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a7a15a9687\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected python-httplib2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"python-httplib2-0.18.1-3.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-httplib2\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-httplib2", "cpe:/o:fedoraproject:fedora:32"], "solution": "Update the affected python-httplib2 package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-06-16T00:00:00", "vulnerabilityPublicationDate": "2020-05-20T00:00:00", "exploitableWith": []}
{"github": [{"lastseen": "2022-05-13T12:33:16", "description": "### Impact\nAttacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server.\n\nImpacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping.\n\n### Patches\nProblem has been fixed in 0.18.0\nSpace, CR, LF characters are now quoted before any use.\nThis solution should not impact any valid usage of httplib2 library, that is uri constructed by urllib.\n\n### Workarounds\nCreate URI with `urllib.parse` family functions: `urlencode`, `urlunsplit`.\n\n```diff\nuser_input = \" HTTP/1.1\\r\\ninjected: attack\\r\\nignore-http:\"\n-uri = \"https://api.server/?q={}\".format(user_input)\n+uri = urllib.parse.urlunsplit((\"https\", \"api.server\", \"/v1\", urllib.parse.urlencode({\"q\": user_input}), \"\"))\nhttp.request(uri)\n```\n\n### References\nhttps://cwe.mitre.org/data/definitions/93.html\nhttps://docs.python.org/3/library/urllib.parse.html\n\nThanks to Recar https://github.com/Ciyfly for finding vulnerability and discrete notification.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [httplib2](https://github.com/httplib2/httplib2/issues/new)\n* Email [current maintainer at 2020-05](mailto:temotor@gmail.com)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-05-20T15:55:47", "type": "github", "title": "CRLF injection in httplib2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2022-04-19T19:02:26", "id": "GHSA-GG84-QGV9-W4PQ", "href": "https://github.com/advisories/GHSA-gg84-qgv9-w4pq", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:26:23", "description": "In httplib2 before version 0.18.0, an attacker controlling unescaped part\nof uri for `httplib2.Http.request()` could change request headers and body,\nsend additional hidden requests to same server. This vulnerability impacts\nsoftware that uses httplib2 with uri constructed by string concatenation,\nas opposed to proper urllib building with escaping. 
This has been fixed in\n0.18.0.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11078", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-05-20T00:00:00", "id": "UB:CVE-2020-11078", "href": "https://ubuntu.com/security/CVE-2020-11078", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2022-02-27T11:49:31", "description": "**CentOS Errata and Security Advisory** CESA-2020:5003\n\n\nThe fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. 
\n\nSecurity Fix(es):\n\n* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* fence_lpar: Long username, HMC hostname, or managed system name causes failures [RHEL 7] (BZ#1860545)\n\n* InstanceHA does not evacuate instances created with private flavor in tenant project (RHEL7) (BZ#1862024)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2020-November/060744.html\n\n**Affected packages:**\nfence-agents\nfence-agents-aliyun\nfence-agents-all\nfence-agents-amt-ws\nfence-agents-apc\nfence-agents-apc-snmp\nfence-agents-aws\nfence-agents-azure-arm\nfence-agents-bladecenter\nfence-agents-brocade\nfence-agents-cisco-mds\nfence-agents-cisco-ucs\nfence-agents-common\nfence-agents-compute\nfence-agents-drac5\nfence-agents-eaton-snmp\nfence-agents-emerson\nfence-agents-eps\nfence-agents-gce\nfence-agents-heuristics-ping\nfence-agents-hpblade\nfence-agents-ibmblade\nfence-agents-ifmib\nfence-agents-ilo-moonshot\nfence-agents-ilo-mp\nfence-agents-ilo-ssh\nfence-agents-ilo2\nfence-agents-intelmodular\nfence-agents-ipdu\nfence-agents-ipmilan\nfence-agents-kdump\nfence-agents-lpar\nfence-agents-mpath\nfence-agents-redfish\nfence-agents-rhevm\nfence-agents-rsa\nfence-agents-rsb\nfence-agents-sbd\nfence-agents-scsi\nfence-agents-virsh\nfence-agents-vmware-rest\nfence-agents-vmware-soap\nfence-agents-wti\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:5003", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, 
"privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-18T17:43:50", "type": "centos", "title": "fence security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-18T17:43:50", "id": "CESA-2020:5003", "href": "https://lists.centos.org/pipermail/centos-announce/2020-November/060744.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-27T11:49:30", "description": "**CentOS Errata and Security Advisory** CESA-2020:5004\n\n\nThe resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. 
These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* gcp-vpc-move-vip: An existing alias IP range is removed when a second alias IP range is added (BZ#1846732)\n\n* sybaseASE: Resource fails to complete a probe operation without access to $sybase_home [RHEL 7] (BZ#1848673)\n\n* azure-lb: Resource fails intermittently due to nc output redirection to pidfile (BZ#1850779)\n\n* azure-events: handle exceptions in urlopen (RHEL7) (BZ#1862121)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2020-November/060717.html\n\n**Affected packages:**\nresource-agents\nresource-agents-aliyun\nresource-agents-gcp\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:5004", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-18T17:30:01", "type": "centos", "title": "resource security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 
4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-18T17:30:01", "id": "CESA-2020:5004", "href": "https://lists.centos.org/pipermail/centos-announce/2020-November/060717.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "A comprehensive HTTP client library that supports many features left out of other HTTP libraries. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-06-16T01:32:54", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: python-httplib2-0.18.1-3.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-16T01:32:54", "id": "FEDORA:5F7713111683", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": 
"2021-07-28T14:46:51", "description": "A comprehensive HTTP client library that supports many features left out of other HTTP libraries. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-06-23T01:14:28", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: python-httplib2-0.18.1-3.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-23T01:14:28", "id": "FEDORA:6A1FD313C27B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2021-07-25T19:22:57", "description": "**Issue Overview:**\n\nIn httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. 
(CVE-2020-11078) \n\n\n \n**Affected Packages:** \n\n\npython-httplib2\n\n \n**Issue Correction:** \nRun _yum update python-httplib2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 python26-httplib2-0.18.1-1.13.amzn1.noarch \n \u00a0\u00a0\u00a0 python27-httplib2-0.18.1-1.13.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 python-httplib2-0.18.1-1.13.amzn1.src \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-08-26T23:09:00", "type": "amazon", "title": "Medium: python-httplib2", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-08-31T20:09:00", "id": "ALAS-2020-1420", "href": "https://alas.aws.amazon.com/ALAS-2020-1420.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-06-25T13:48:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for python-httplib2 (FEDORA-2020-37779a5c93)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2020-11078"], "modified": "2020-06-24T00:00:00", "id": "OPENVAS:1361412562310877959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877959", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877959\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2020-11078\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:19:12 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for python-httplib2 (FEDORA-2020-37779a5c93)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n 
script_xref(name:\"FEDORA\", value:\"2020-37779a5c93\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-httplib2'\n package(s) announced via the FEDORA-2020-37779a5c93 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A comprehensive HTTP client library that supports many features left out of\nother HTTP libraries.\");\n\n script_tag(name:\"affected\", value:\"'python-httplib2' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-httplib2\", rpm:\"python-httplib2~0.18.1~3.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-03T15:52:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-02T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for python-httplib2 (DLA-2232-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-02T00:00:00", "id": "OPENVAS:1361412562310892232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892232", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# 
Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892232\");\n script_version(\"2020-06-02T03:00:06+0000\");\n script_cve_id(\"CVE-2020-11078\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-02 03:00:06 +0000 (Tue, 02 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-02 03:00:06 +0000 (Tue, 02 Jun 2020)\");\n script_name(\"Debian LTS: Security Advisory for python-httplib2 (DLA-2232-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2232-1\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-httplib2'\n package(s) announced via the DLA-2232-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In httplib2, an attacker controlling unescaped part of uri for\n`httplib2.Http.request()` could change request headers and body, send\nadditional hidden requests to same server. This vulnerability impacts\nsoftware that uses httplib2 with uri constructed by string\nconcatenation, as opposed to proper urllib building with escaping.\");\n\n script_tag(name:\"affected\", value:\"'python-httplib2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n0.9+dfsg-2+deb8u1.\n\nWe recommend that you upgrade your python-httplib2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"python-httplib2\", ver:\"0.9+dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-httplib2\", ver:\"0.9+dfsg-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-25T13:44:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for python-httplib2 (FEDORA-2020-a7a15a9687)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-24T00:00:00", "id": "OPENVAS:1361412562310877983", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310877983", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877983\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2020-11078\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:19:58 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for python-httplib2 (FEDORA-2020-a7a15a9687)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-a7a15a9687\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-httplib2'\n package(s) announced via the FEDORA-2020-a7a15a9687 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A comprehensive HTTP client library that supports many features left out of\nother HTTP libraries.\");\n\n script_tag(name:\"affected\", value:\"'python-httplib2' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-httplib2\", rpm:\"python-httplib2~0.18.1~3.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2021-10-19T20:35:39", "description": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. 
These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-03T12:19:45", "type": "redhat", "title": "(RHSA-2020:4605) Low: resource-agents security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-04T00:05:57", "id": "RHSA-2020:4605", "href": "https://access.redhat.com/errata/RHSA-2020:4605", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:37:47", "description": "The fence-agents packages provide 
a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* fence_lpar: Long username, HMC hostname, or managed system name causes failures [RHEL 7] (BZ#1860545)\n\n* InstanceHA does not evacuate instances created with private flavor in tenant project (RHEL7) (BZ#1862024)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-10T09:37:51", "type": "redhat", "title": "(RHSA-2020:5003) Low: fence-agents security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-10T11:55:09", "id": "RHSA-2020:5003", "href": "https://access.redhat.com/errata/RHSA-2020:5003", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:36:06", "description": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* gcp-vpc-move-vip: An existing alias IP range is removed when a second alias IP range is added (BZ#1846732)\n\n* sybaseASE: Resource fails to complete a probe operation without access to $sybase_home [RHEL 7] (BZ#1848673)\n\n* azure-lb: Resource fails intermittently due to nc output redirection to pidfile (BZ#1850779)\n\n* azure-events: handle exceptions in urlopen (RHEL7) (BZ#1862121)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-10T09:38:02", "type": "redhat", "title": "(RHSA-2020:5004) Low: resource-agents security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-10T11:55:18", "id": "RHSA-2020:5004", "href": "https://access.redhat.com/errata/RHSA-2020:5004", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:38:01", "description": "A comprehensive HTTP client library that supports many features left out of other HTTP libraries.\n\nSecurity Fix(es):\n\n* CRLF injection via an attacker controlled unescaped part of uri for\nhttplib2.Http.request function (CVE-2020-11078)\n\n* Regular expression denial of service via malicious header\n(CVE-2021-21240)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-26T11:18:33", "type": "redhat", "title": "(RHSA-2021:2116) Moderate: Red Hat OpenStack Platform 16.1.6 (python-httplib2) security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": 
false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-05-26T11:39:18", "id": "RHSA-2021:2116", "href": "https://access.redhat.com/errata/RHSA-2021:2116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-22T11:24:34", "description": "Package : python-httplib2\nVersion : 0.9+dfsg-2+deb8u1\nCVE ID : CVE-2020-11078\n\n\nIn httplib2, an attacker controlling unescaped part of uri for\n`httplib2.Http.request()` could change request headers and body, send\nadditional hidden requests to same server. This vulnerability impacts\nsoftware that uses httplib2 with uri constructed by string\nconcatenation, as opposed to proper urllib building with escaping.\n\nFor Debian 8 \"Jessie\", this problem has been fixed in version\n0.9+dfsg-2+deb8u1.\n\nWe recommend that you upgrade your python-httplib2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-06-01T16:20:39", "type": "debian", "title": "[SECURITY] [DLA 2232-1] python-httplib2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-01T16:20:39", "id": "DEBIAN:DLA-2232-1:FEE15", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-04T15:12:50", "description": "Package : python-httplib2\nVersion : 0.9+dfsg-2+deb8u1\nCVE ID : CVE-2020-11078\n\n\nIn httplib2, an attacker controlling unescaped part of uri for\n`httplib2.Http.request()` could change request headers and body, send\nadditional hidden requests to same server. This vulnerability impacts\nsoftware that uses httplib2 with uri constructed by string\nconcatenation, as opposed to proper urllib building with escaping.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n0.9+dfsg-2+deb8u1.\n\nWe recommend that you upgrade your python-httplib2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-06-01T16:20:39", "type": "debian", "title": "[SECURITY] [DLA 2232-1] python-httplib2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-01T16:20:39", "id": "DEBIAN:DLA-2232-1:7D37D", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated python-httplib2 packages fix security vulnerability: In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request() could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping (CVE-2020-11078). 
\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-07-04T22:47:21", "type": "mageia", "title": "Updated python-httplib2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-07-04T22:47:21", "id": "MGASA-2020-0269", "href": "https://advisories.mageia.org/MGASA-2020-0269.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-06-10T04:58:58", "description": "### Impact\nAttacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server.\n\nImpacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping.\n\n### Patches\nProblem has been fixed in 0.18.0\nSpace, CR, LF characters are now quoted before any use.\nThis solution should not impact any valid usage of httplib2 library, that is uri constructed by urllib.\n\n### Workarounds\nCreate URI with `urllib.parse` family functions: `urlencode`, `urlunsplit`.\n\n```diff\nuser_input = \" 
HTTP/1.1\\r\\ninjected: attack\\r\\nignore-http:\"\n-uri = \"https://api.server/?q={}\".format(user_input)\n+uri = urllib.parse.urlunsplit((\"https\", \"api.server\", \"/v1\", urllib.parse.urlencode({\"q\": user_input}), \"\"))\nhttp.request(uri)\n```\n\n### References\nhttps://cwe.mitre.org/data/definitions/93.html\nhttps://docs.python.org/3/library/urllib.parse.html\n\nThanks to Recar https://github.com/Ciyfly for finding the vulnerability and discreet notification.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [httplib2](https://github.com/httplib2/httplib2/issues/new)\n* Email [current maintainer at 2020-05](mailto:temotor@gmail.com)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-05-20T15:55:47", "type": "osv", "title": "CRLF injection in httplib2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2022-06-10T02:16:22", "id": "OSV:GHSA-GG84-QGV9-W4PQ", "href": "https://osv.dev/vulnerability/GHSA-gg84-qgv9-w4pq", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": 
"2022-05-12T01:31:29", "description": "In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-05-20T16:15:00", "type": "osv", "title": "PYSEC-2020-46", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-08-19T18:56:00", "id": "OSV:PYSEC-2020-46", "href": "https://osv.dev/vulnerability/PYSEC-2020-46", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T05:19:21", "description": "\nIn httplib2, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. 
This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping.\n\n\nFor Debian 8 Jessie, this problem has been fixed in version\n0.9+dfsg-2+deb8u1.\n\n\nWe recommend that you upgrade your python-httplib2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-06-01T00:00:00", "type": "osv", "title": "python-httplib2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2022-07-06T01:45:35", "id": "OSV:DLA-2232-1", "href": "https://osv.dev/vulnerability/DLA-2232-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:31", "description": "[4.1.1-68]\n- azure-lb: fix redirect issue\n Resolves: rhbz#1850778\n[4.1.1-67]\n- gcp-vpc-move-vip: add support for multiple alias IPs\n Resolves: rhbz#1846733\n[4.1.1-65]\n- 
azure-events: handle exceptions in urlopen\n Resolves: rhbz#1845574\n[4.1.1-64]\n- nfsserver: fix NFSv4-only support\n- azure-events: new resource agent for Azure\n Resolves: rhbz#1818997\n Resolves: rhbz#1819965\n[4.1.1-60]\n- Upgrade bundled python-httplib2 to fix CVE-2020-11078\n Resolves: rhbz#1850990\n[4.1.1-59]\n- pgsql: support Pacemaker v2.03+ output\n Resolves: rhbz#1836186\n[4.1.1-56]\n- Filesystem: set 'fast_stop' default to 'no' for GFS2 filesystems\n Resolves: rhbz#1814896\n[4.1.1-55]\n- nfsserver: dont log error message when /etc/sysconfig/nfs does not exist\n- exportfs: describe clientspec format in metadata\n Resolves: rhbz#1845581\n Resolves: rhbz#1845583\n[4.1.1-54]\n- exportfs: add symlink support\n- aliyun-vpc-move-ip: log output when failing\n Resolves: rhbz#1820523\n Resolves: rhbz#1843999\n[4.1.1-53]\n- podman: force remove container if remove fails\n Resolves: rhbz#1839721\n[4.1.1-52]\n- gcp-pd-move: new resource agent for Google Cloud\n Resolves: rhbz#1633251\n[4.1.1-51]\n- NovaEvacuate: suppress expected initial error message\n- db2 (HADR): promote standby node when master node disappears\n Resolves: rhbz#1830716\n Resolves: rhbz#1836945\n[4.1.1-50]\n- rabbitmq-cluster: increase rabbitmqctl wait timeout during start\n Resolves: rhbz#1832321\n[4.1.1-49]\n- aws-vpc-route53: new resource agent for AWS\n- pgsql: improve checks to prevent incorrect status, and set initial\n score for primary and hot standby\n Resolves: rhbz#1759115\n Resolves: rhbz#1744190\n[4.1.1-47]\n- aws-vpc-move-ip: delete remaining route entries\n Resolves: rhbz#1819021\n[4.1.1-46]\n- use safe temp file location\n- ocf-shellfuncs: ocf_is_clone(): fix to return true when clone-max\n is set to 0\n Resolves: rhbz#1817432\n Resolves: rhbz#1817598\n[4.1.1-45]\n- azure-lb: support using socat instead of nc\n- aws-vpc-move-ip: add 'routing_table_role' parameter\n- redis: fix validate-all action and run it during start\n Resolves: rhbz#1804658\n Resolves: rhbz#1810466\n Resolves: 
rhbz#1792237\n[4.1.1-44]\n- lvmlockd: automatically remove locking_type from lvm.conf for LVM\n v2.03+\n Resolves: rhbz#1808468\n[4.1.1-43]\n- rabbitmq-cluster: delete nodename when stop fails\n Resolves: rhbz#1792196\n[4.1.1-42]\n- IPsrcaddr: add destination and table parameters\n Resolves: rhbz#1744224\n[4.1.1-40]\n- podman: improve image exist check\n- IPaddr2: add CLUSTERIP not supported info to metadata/manpage\n- Filesystem: refresh UUID if block device doesnt exist\n Resolves: rhbz#1788889\n Resolves: rhbz#1767916\n Resolves: rhbz#1777381\n[4.1.1-38]\n- IPaddr2: add noprefixroute parameter\n Resolves: rhbz#1741042\n[4.1.1-36]\n- exportfs: allow multiple exports with same fsid\n- mysql/galera: fix incorrect rc\n Resolves: rhbz#1764888\n Resolves: rhbz#1765128\n[4.1.1-35]\n- Route: dont fence when parameters not set\n- LVM-activate: add partial-activation support\n Resolves: rhbz#1750261\n Resolves: rhbz#1741843\n[4.1.1-34]\n- LVM/clvm: remove manpages for excluded agents\n- LVM-activate: return NOT_RUNNING when node rejoins cluster\n- LVM-activate: detect systemid volume without reboot\n- Filesystem: add symlink support\n- Filesystem: avoid corrupt mount-list and dont kill incorrect processes\n for bind-mounts\n- IPsrcaddr: make proto optional to fix regression when used without\n NetworkManager\n- docker: fix stop issues\n- rabbitmq-cluster: also restore users in single node mode\n- IPaddr2: sanitize compressed IPv6 IPs\n- nfsserver: systemd performance improvements\n- NovaEvacuate: add 'evacuate_delay' parameter\n Resolves: rhbz#1694392\n Resolves: rhbz#1695039\n Resolves: rhbz#1738428\n Resolves: rhbz#1744103\n Resolves: rhbz#1744140\n Resolves: rhbz#1757837\n Resolves: rhbz#1748768\n Resolves: rhbz#1750352\n Resolves: rhbz#1751700\n Resolves: rhbz#1751962\n Resolves: rhbz#1755760\n[4.1.1-33]\n- rabbitmq-cluster: fail monitor when node is in minority partition,\n fix stop regression, retry start when cluster join fails, ensure\n node attributes are 
removed\n Resolves: rhbz#1745713\n[4.1.1-32]\n- mysql/galera: use runuser/su to avoid using DAC_OVERRIDE\n Resolves: rhbz#1692960\n[4.1.1-31]\n- podman: add drop-in dependency support\n Resolves: rhbz#1736746\n[4.1.1-30]\n- iSCSITarget/iSCSILogicalUnit: only create iqn/acls when it doesnt\n exist\n Resolves: rhbz#1692413\n[4.1.1-29]\n- CTDB: add support for v4.9+\n Resolves: rhbz#1732867\n[4.1.1-28]\n- podman: fixes to avoid bundle resources restarting when probing\n takes too long\n- LVM-activate: fix monitor to avoid hang caused by validate-all call\n Resolves: rhbz#1718219\n Resolves: rhbz#1730455\n[4.1.1-27]\n- ocf_log: do not log debug messages when HA_debug unset\n- Filesystem: remove notify-action from metadata\n- dhcpd keep SELinux context in chroot\n Resolves: rhbz#1707969\n Resolves: rhbz#1717759\n Resolves: rhbz#1719684\n[4.1.1-26]\n- sap/sap-hana: split subpackages into separate packages\n Resolves: rhbz#1705767\n[4.1.1-24]\n- Squid: fix PID file issue\n Resolves: rhbz#1689184\n[4.1.1-23]\n- Route: make family parameter optional\n- redis: mute password warning\n Resolves: rhbz#1669140\n Resolves: rhbz#1683548\n[4.1.1-22]\n- aws-vpc-move-ip: add multi route-table support and fix issue\n w/multiple NICs\n Resolves: rhbz#1697559\n[4.1.1-21]\n- gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue\n Resolves: rhbz#1695656\n[4.1.1-20]\n- aws-vpc-move-ip: use '--query' to avoid a possible race condition\n- gcloud-ra: fix Python 3 issue and remove Python 2 detection\n Resolves: rhbz#1693662\n Resolves: rhbz#1691456\n[4.1.1-19]\n- Add CI gating tests\n- LVM-activate: support LVs from same VG\n- tomcat: use systemd when catalina.sh is unavailable\n- Fixed python-devel/perl build dependencies\n Resolves: rhbz#1682136\n Resolves: rhbz#1667414\n Resolves: rhbz#1666691\n Resolves: rhbz#1595854\n[4.1.1-18]\n- aliyun-vpc-move-ip: exclude from main package\n- aliyuncli-ra: upgrade bundled python-aliyun-sdk-core and fix Python 3 issues\n- ocf.py: byte 
compile\n Resolves: rhbz#1677204\n Resolves: rhbz#1677981\n Resolves: rhbz#1678874\n[4.1.1-17]\n- LVM-activate: dont require locking_type\n Resolves: rhbz#1658664\n[4.1.1-16]\n- vdo-vol: fix monitor-action\n- LVM-activate: dont fail initial probe\n Resolves: rhbz#1662466\n Resolves: rhbz#1643307\n[4.1.1-15]\n- nfsserver: fix start-issues when nfs_shared_infodir parameter is\n changed\n Resolves: rhbz#1642027\n[4.1.1-14]\n- redis: use basename in pidof to avoid issues in containers\n Resolves: rhbz#1635785\n[4.1.1-11]\n- Remove grpc from bundle\n Resolves: rhbz#1630627\n[4.1.1-10]\n- systemd-tmpfiles: change path to /run/resource-agents\n Resolves: rhbz#1631291\n[4.1.1-9]\n- podman: new resource agent\n Resolves: rhbz#1607607\n[4.1.1-8]\n- LVM: fix missing dash in activate_options\n- LVM-activate: warn about incorrect vg_access_mode\n- lvmlockd: add cmirrord support\n[4.1.1-7]\n- findif: only match lines containing netmasks\n[4.1.1-6]\n- Rebuild with fixed binutils\n[4.1.1-5]\n- vdo-vol: new resource agent\n Resolves: rhbz#1552330\n[4.1.1-4]\n- VirtualDomain: add stateless support\n- Exclude unsupported agents\n[4.1.1-3]\n- Added SAPHana and OpenStack agents\n[4.1.1-2]\n- Remove unsupported clvm and LVM agents\n[4.1.1-1]\n- Rebase to resource-agents 4.1.1 upstream release.\n[4.1.0-2]\n- Add gcc to BuildRequires\n[4.1.0-1.1]\n- Escape macros in %changelog\n[4.1.0-1]\n- Rebase to resource-agents 4.1.0 upstream release.\n[4.0.1-1.3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[4.0.1-1.2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[4.0.1-1.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[4.0.1-1]\n- Rebase to resource-agents 4.0.1 upstream release.\n[4.0.0-2]\n- galera: remove 'long SST monitoring' support due to corner-case issues\n[4.0.0-1]\n- Rebase to resource-agents 4.0.0 upstream release.\n[3.9.7-6]\n- Add netstat dependency\n[3.9.7-4]\n- Rebase to resource-agents 3.9.7 upstream 
release.\n[3.9.6-2.2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[3.9.6-2.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[3.9.6-2]\n- Rebase to latest upstream code in order to pull in rabbitmq-cluster agent\n[3.9.6-1]\n- Rebase to resource-agents 3.9.6 upstream release.\n[3.9.5-12.2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[3.9.5-12.1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[3.9.5-12]\n- Sync with latest upstream.\n[3.9.5-11]\n- Sync with latest upstream.\n[3.9.5-10]\n- Fix build system for rawhide.\n[3.9.5-9]\n- Remove rgmanager agents from build.\n[3.9.5-8]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild\n[3.9.5-7]\n- Perl 5.18 rebuild\n[3.9.5-6]\n- Restores rsctmp directory to upstream default.\n[3.9.5-5]\n- Merges redhat provider into heartbeat provider. Remove\n rgmanager's redhat provider.\n Resolves: rhbz#917681\n Resolves: rhbz#928890\n Resolves: rhbz#952716\n Resolves: rhbz#960555\n[3.9.5-3]\n- Fixes build system error with conditional logic involving\n IPv6addr and updates spec file to build against rhel 7 as\n well as fedora 19.\n[3.9.5-2]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-24T00:00:00", "type": "oraclelinux", "title": "resource-agents security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-24T00:00:00", "id": "ELSA-2020-5947", "href": "http://linux.oracle.com/errata/ELSA-2020-5947.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:24:35", "description": "[4.2.1-41.2]\n- Upgrade bundled python-httplib2 to fix CVE-2020-11078\n Resolves: rhbz#1850114\n[4.2.1-41.1]\n- fence_lpar: fix issue with long username, hostname, etc not\n working when the command run by the agent exceeds 80 characters\n- fence_evacuate: enable evacuation of instances using private flavors\n Resolves: rhbz#1860545\n Resolves: rhbz#1862024", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-11-13T00:00:00", "type": "oraclelinux", "title": "fence-agents security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": 
"2020-11-13T00:00:00", "id": "ELSA-2020-5003", "href": "http://linux.oracle.com/errata/ELSA-2020-5003.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-05T18:27:20", "description": "[4.1.1-61.4]\n- Upgrade bundled python-httplib2 to fix CVE-2020-11078\n Resolves: rhbz#1850992\n[4.1.1-61.2]\n- azure-lb: fix redirect issue\n Resolves: rhbz#1850779\n[4.1.1-61.1]\n- gcp-vpc-move-vip: add support for multiple alias IPs\n- sybaseASE: run verify action during start action only\n- azure-events: handle exceptions in urlopen\n Resolves: rhbz#1846732\n Resolves: rhbz#1848673\n Resolves: rhbz#1862121", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-11-05T00:00:00", "type": "oraclelinux", "title": "resource-agents security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2021-11-05T00:00:00", "id": "ELSA-2020-5004", "href": "http://linux.oracle.com/errata/ELSA-2020-5004.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:51", "description": "In httplib2 
before version 0.18.0, an attacker controlling an unescaped part of the uri for `httplib2.Http.request()` could change request headers and body and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-05-20T16:15:00", "type": "debiancve", "title": "CVE-2020-11078", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-05-20T16:15:00", "id": "DEBIANCVE:CVE-2020-11078", "href": "https://security-tracker.debian.org/tracker/CVE-2020-11078", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:07:44", "description": "In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the uri for `httplib2.Http.request()` could change request headers and body and send additional hidden requests to the same server. 
This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-05-20T16:15:00", "type": "cve", "title": "CVE-2020-11078", "cwe": ["CWE-93"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078"], "modified": "2020-08-19T18:56:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2020-11078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11078", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-07-06T14:41:02", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5004 advisory.\n\n - python-httplib2: CRLF injection via an attacker 
controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : resource-agents / resource-agents-aliyun / etc (VZLSA-2020-5004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:resource-agents", "p-cpe:/a:virtuozzo:virtuozzo:resource-agents-aliyun", "p-cpe:/a:virtuozzo:virtuozzo:resource-agents-gcp", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2020-5004.NASL", "href": "https://www.tenable.com/plugins/nessus/144431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144431);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\n \"CVE-2020-11078\"\n );\n\n script_name(english:\"Virtuozzo 7 : resource-agents / resource-agents-aliyun / etc (VZLSA-2020-5004)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as 
referenced in the RHSA-2020:5004 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2020-5004.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9eb04c6e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5004\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected resource-agents / resource-agents-aliyun / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:resource-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:resource-agents-gcp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"resource-agents-4.1.1-61.vl7.4\",\n \"resource-agents-aliyun-4.1.1-61.vl7.4\",\n \"resource-agents-gcp-4.1.1-61.vl7.4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"resource-agents / resource-agents-aliyun / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:41:19", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : fence-agents-aliyun / fence-agents-all / etc (VZLSA-2020-5003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:fence-agents-aliyun", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-all", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-amt-ws", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-apc", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-apc-snmp", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-aws", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-azure-arm", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-bladecenter", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-brocade", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-cisco-mds", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-cisco-ucs", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-common", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-compute", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-drac5", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-eaton-snmp", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-emerson", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-eps", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-gce", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-heuristics-ping", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-hpblade", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ibmblade", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ifmib", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo-moonshot", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo-mp", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo-ssh", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo2", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-intelmodular", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ipdu", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ipmilan", 
"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-kdump", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-lpar", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-mpath", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-redfish", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-rhevm", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-rsa", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-rsb", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-sbd", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-scsi", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-virsh", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-vmware-rest", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-vmware-soap", "p-cpe:/a:virtuozzo:virtuozzo:fence-agents-wti", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2020-5003.NASL", "href": "https://www.tenable.com/plugins/nessus/144430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144430);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\n \"CVE-2020-11078\"\n );\n\n script_name(english:\"Virtuozzo 7 : fence-agents-aliyun / fence-agents-all / etc (VZLSA-2020-5003)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nNote that Tenable Network Security has attempted to extract 
the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2020-5003.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5a9c7ce\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5003\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fence-agents-aliyun / fence-agents-all / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-amt-ws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-apc-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-aws\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-azure-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-bladecenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-brocade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-cisco-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-cisco-ucs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-drac5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-eaton-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-emerson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-eps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-gce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-heuristics-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-hpblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ibmblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ifmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo-moonshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo-mp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo-ssh\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ilo2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-intelmodular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ipdu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-ipmilan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-lpar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-redfish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-rsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-rsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-sbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-virsh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-vmware-rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-vmware-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:fence-agents-wti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"fence-agents-aliyun-4.2.1-41.vl7.2\",\n \"fence-agents-all-4.2.1-41.vl7.2\",\n \"fence-agents-amt-ws-4.2.1-41.vl7.2\",\n \"fence-agents-apc-4.2.1-41.vl7.2\",\n \"fence-agents-apc-snmp-4.2.1-41.vl7.2\",\n \"fence-agents-aws-4.2.1-41.vl7.2\",\n \"fence-agents-azure-arm-4.2.1-41.vl7.2\",\n \"fence-agents-bladecenter-4.2.1-41.vl7.2\",\n \"fence-agents-brocade-4.2.1-41.vl7.2\",\n \"fence-agents-cisco-mds-4.2.1-41.vl7.2\",\n \"fence-agents-cisco-ucs-4.2.1-41.vl7.2\",\n \"fence-agents-common-4.2.1-41.vl7.2\",\n \"fence-agents-compute-4.2.1-41.vl7.2\",\n \"fence-agents-drac5-4.2.1-41.vl7.2\",\n \"fence-agents-eaton-snmp-4.2.1-41.vl7.2\",\n \"fence-agents-emerson-4.2.1-41.vl7.2\",\n \"fence-agents-eps-4.2.1-41.vl7.2\",\n \"fence-agents-gce-4.2.1-41.vl7.2\",\n 
\"fence-agents-heuristics-ping-4.2.1-41.vl7.2\",\n \"fence-agents-hpblade-4.2.1-41.vl7.2\",\n \"fence-agents-ibmblade-4.2.1-41.vl7.2\",\n \"fence-agents-ifmib-4.2.1-41.vl7.2\",\n \"fence-agents-ilo-moonshot-4.2.1-41.vl7.2\",\n \"fence-agents-ilo-mp-4.2.1-41.vl7.2\",\n \"fence-agents-ilo-ssh-4.2.1-41.vl7.2\",\n \"fence-agents-ilo2-4.2.1-41.vl7.2\",\n \"fence-agents-intelmodular-4.2.1-41.vl7.2\",\n \"fence-agents-ipdu-4.2.1-41.vl7.2\",\n \"fence-agents-ipmilan-4.2.1-41.vl7.2\",\n \"fence-agents-kdump-4.2.1-41.vl7.2\",\n \"fence-agents-lpar-4.2.1-41.vl7.2\",\n \"fence-agents-mpath-4.2.1-41.vl7.2\",\n \"fence-agents-redfish-4.2.1-41.vl7.2\",\n \"fence-agents-rhevm-4.2.1-41.vl7.2\",\n \"fence-agents-rsa-4.2.1-41.vl7.2\",\n \"fence-agents-rsb-4.2.1-41.vl7.2\",\n \"fence-agents-sbd-4.2.1-41.vl7.2\",\n \"fence-agents-scsi-4.2.1-41.vl7.2\",\n \"fence-agents-virsh-4.2.1-41.vl7.2\",\n \"fence-agents-vmware-rest-4.2.1-41.vl7.2\",\n \"fence-agents-vmware-soap-4.2.1-41.vl7.2\",\n \"fence-agents-wti-4.2.1-41.vl7.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fence-agents-aliyun / fence-agents-all / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:38:46", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4605 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : resource-agents (RHSA-2020:4605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:resource-agents", "p-cpe:/a:redhat:enterprise_linux:resource-agents-aliyun", "p-cpe:/a:redhat:enterprise_linux:resource-agents-gcp"], "id": "REDHAT-RHSA-2020-4605.NASL", "href": "https://www.tenable.com/plugins/nessus/142441", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4605. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142441);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"RHSA\", value:\"2020:4605\");\n\n script_name(english:\"RHEL 8 : resource-agents (RHSA-2020:4605)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4605 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/113.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected resource-agents, resource-agents-aliyun and / or resource-agents-gcp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(113);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-aliyun\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n 
],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 
'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 
'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 
'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 
'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 
'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n 
],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 
'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 
'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = 
rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'resource-agents-4.1.1-68.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'resource-agents-4.1.1-68.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 
'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'resource-agents-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'resource-agents-aliyun-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n 
{'reference':'resource-agents-gcp-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents / resource-agents-aliyun / resource-agents-gcp');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:38:47", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:5004 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "CentOS 7 : resource-agents (CESA-2020:5004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:resource-agents", "p-cpe:/a:centos:centos:resource-agents-aliyun", "p-cpe:/a:centos:centos:resource-agents-gcp", 
"cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-5004.NASL", "href": "https://www.tenable.com/plugins/nessus/143052", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5004 and\n# CentOS Errata and Security Advisory 2020:5004 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143052);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"RHSA\", value:\"2020:5004\");\n\n script_name(english:\"CentOS 7 : resource-agents (CESA-2020:5004)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5004 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-November/035836.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e86d606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/113.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected resource-agents, resource-agents-aliyun and / or resource-agents-gcp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(113);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:resource-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:resource-agents-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'resource-agents-4.1.1-61.el7_9.4', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'resource-agents-aliyun-4.1.1-61.el7_9.4', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'resource-agents-gcp-4.1.1-61.el7_9.4', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents / resource-agents-aliyun / resource-agents-gcp');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:39:16", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5003 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : fence-agents (ELSA-2020-5003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:fence-agents-all", "p-cpe:/a:oracle:linux:fence-agents-amt-ws", "p-cpe:/a:oracle:linux:fence-agents-apc", "p-cpe:/a:oracle:linux:fence-agents-apc-snmp", "p-cpe:/a:oracle:linux:fence-agents-bladecenter", "p-cpe:/a:oracle:linux:fence-agents-brocade", "p-cpe:/a:oracle:linux:fence-agents-cisco-mds", "p-cpe:/a:oracle:linux:fence-agents-cisco-ucs", "p-cpe:/a:oracle:linux:fence-agents-common", "p-cpe:/a:oracle:linux:fence-agents-compute", "p-cpe:/a:oracle:linux:fence-agents-drac5", "p-cpe:/a:oracle:linux:fence-agents-eaton-snmp", "p-cpe:/a:oracle:linux:fence-agents-emerson", "p-cpe:/a:oracle:linux:fence-agents-eps", "p-cpe:/a:oracle:linux:fence-agents-heuristics-ping", 
"p-cpe:/a:oracle:linux:fence-agents-hpblade", "p-cpe:/a:oracle:linux:fence-agents-ibmblade", "p-cpe:/a:oracle:linux:fence-agents-ifmib", "p-cpe:/a:oracle:linux:fence-agents-ilo-moonshot", "p-cpe:/a:oracle:linux:fence-agents-ilo-mp", "p-cpe:/a:oracle:linux:fence-agents-ilo-ssh", "p-cpe:/a:oracle:linux:fence-agents-ilo2", "p-cpe:/a:oracle:linux:fence-agents-intelmodular", "p-cpe:/a:oracle:linux:fence-agents-ipdu", "p-cpe:/a:oracle:linux:fence-agents-ipmilan", "p-cpe:/a:oracle:linux:fence-agents-kdump", "p-cpe:/a:oracle:linux:fence-agents-lpar", "p-cpe:/a:oracle:linux:fence-agents-mpath", "p-cpe:/a:oracle:linux:fence-agents-redfish", "p-cpe:/a:oracle:linux:fence-agents-rhevm", "p-cpe:/a:oracle:linux:fence-agents-rsa", "p-cpe:/a:oracle:linux:fence-agents-rsb", "p-cpe:/a:oracle:linux:fence-agents-sbd", "p-cpe:/a:oracle:linux:fence-agents-scsi", "p-cpe:/a:oracle:linux:fence-agents-virsh", "p-cpe:/a:oracle:linux:fence-agents-vmware-rest", "p-cpe:/a:oracle:linux:fence-agents-vmware-soap", "p-cpe:/a:oracle:linux:fence-agents-wti"], "id": "ORACLELINUX_ELSA-2020-5003.NASL", "href": "https://www.tenable.com/plugins/nessus/142790", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5003.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142790);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"Oracle Linux 7 : fence-agents (ELSA-2020-5003)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in 
the\nELSA-2020-5003 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5003.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-amt-ws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-apc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:fence-agents-apc-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-bladecenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-brocade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-cisco-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-cisco-ucs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-drac5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-eaton-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-emerson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-eps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-heuristics-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-hpblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ibmblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ifmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ilo-moonshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ilo-mp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ilo-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ilo2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-intelmodular\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:fence-agents-ipdu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-ipmilan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-lpar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-redfish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-rsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-rsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-sbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-virsh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-vmware-rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-vmware-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fence-agents-wti\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'fence-agents-all-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-amt-ws-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-apc-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-apc-snmp-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-bladecenter-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-brocade-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-cisco-mds-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n 
{'reference':'fence-agents-cisco-ucs-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-common-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-compute-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-drac5-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-eaton-snmp-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-emerson-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-eps-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-heuristics-ping-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-hpblade-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ibmblade-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ifmib-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ilo-mp-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ilo-ssh-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ilo2-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-intelmodular-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ipdu-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-ipmilan-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-kdump-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-lpar-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-mpath-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-redfish-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-rhevm-4.2.1-41.el7_9.2', 
'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-rsa-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-rsb-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-sbd-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-scsi-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-virsh-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-vmware-rest-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-vmware-soap-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'},\n {'reference':'fence-agents-wti-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } 
else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fence-agents-all / fence-agents-amt-ws / fence-agents-apc / etc');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:13:15", "description": "In httplib2, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 0.9+dfsg-2+deb8u1.\n\nWe recommend that you upgrade your python-httplib2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-06-02T00:00:00", "type": "nessus", "title": "Debian DLA-2232-1 : python-httplib2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-httplib2", "p-cpe:/a:debian:debian_linux:python3-httplib2", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2232.NASL", "href": "https://www.tenable.com/plugins/nessus/137008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2232-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137008);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"Debian DLA-2232-1 : python-httplib2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"In httplib2, an attacker controlling unescaped part of uri for\n`httplib2.Http.request()` could change request headers and body, send\nadditional hidden requests to same server. 
This vulnerability impacts\nsoftware that uses httplib2 with uri constructed by string\nconcatenation, as opposed to proper urllib building with escaping.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n0.9+dfsg-2+deb8u1.\n\nWe recommend that you upgrade your python-httplib2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/python-httplib2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected python-httplib2, and python3-httplib2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"python-httplib2\", reference:\"0.9+dfsg-2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-httplib2\", reference:\"0.9+dfsg-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:13:15", "description": "Fix for CVE-2020-11078\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "Fedora 31 : python-httplib2 (2020-37779a5c93)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-httplib2", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-37779A5C93.NASL", "href": 
"https://www.tenable.com/plugins/nessus/137733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-37779a5c93.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137733);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/26\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"FEDORA\", value:\"2020-37779a5c93\");\n\n script_name(english:\"Fedora 31 : python-httplib2 (2020-37779a5c93)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fix for CVE-2020-11078\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-37779a5c93\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected python-httplib2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-httplib2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"python-httplib2-0.18.1-3.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-httplib2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:37:27", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:5003 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "CentOS 7 : fence-agents (CESA-2020:5003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:fence-agents-aliyun", "p-cpe:/a:centos:centos:fence-agents-all", "p-cpe:/a:centos:centos:fence-agents-amt-ws", "p-cpe:/a:centos:centos:fence-agents-apc", "p-cpe:/a:centos:centos:fence-agents-apc-snmp", "p-cpe:/a:centos:centos:fence-agents-aws", "p-cpe:/a:centos:centos:fence-agents-azure-arm", "p-cpe:/a:centos:centos:fence-agents-bladecenter", 
"p-cpe:/a:centos:centos:fence-agents-brocade", "p-cpe:/a:centos:centos:fence-agents-cisco-mds", "p-cpe:/a:centos:centos:fence-agents-cisco-ucs", "p-cpe:/a:centos:centos:fence-agents-common", "p-cpe:/a:centos:centos:fence-agents-compute", "p-cpe:/a:centos:centos:fence-agents-drac5", "p-cpe:/a:centos:centos:fence-agents-eaton-snmp", "p-cpe:/a:centos:centos:fence-agents-emerson", "p-cpe:/a:centos:centos:fence-agents-eps", "p-cpe:/a:centos:centos:fence-agents-gce", "p-cpe:/a:centos:centos:fence-agents-heuristics-ping", "p-cpe:/a:centos:centos:fence-agents-hpblade", "p-cpe:/a:centos:centos:fence-agents-ibmblade", "p-cpe:/a:centos:centos:fence-agents-ifmib", "p-cpe:/a:centos:centos:fence-agents-ilo-moonshot", "p-cpe:/a:centos:centos:fence-agents-ilo-mp", "p-cpe:/a:centos:centos:fence-agents-ilo-ssh", "p-cpe:/a:centos:centos:fence-agents-ilo2", "p-cpe:/a:centos:centos:fence-agents-intelmodular", "p-cpe:/a:centos:centos:fence-agents-ipdu", "p-cpe:/a:centos:centos:fence-agents-ipmilan", "p-cpe:/a:centos:centos:fence-agents-kdump", "p-cpe:/a:centos:centos:fence-agents-lpar", "p-cpe:/a:centos:centos:fence-agents-mpath", "p-cpe:/a:centos:centos:fence-agents-redfish", "p-cpe:/a:centos:centos:fence-agents-rhevm", "p-cpe:/a:centos:centos:fence-agents-rsa", "p-cpe:/a:centos:centos:fence-agents-rsb", "p-cpe:/a:centos:centos:fence-agents-sbd", "p-cpe:/a:centos:centos:fence-agents-scsi", "p-cpe:/a:centos:centos:fence-agents-virsh", "p-cpe:/a:centos:centos:fence-agents-vmware-rest", "p-cpe:/a:centos:centos:fence-agents-vmware-soap", "p-cpe:/a:centos:centos:fence-agents-wti", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-5003.NASL", "href": "https://www.tenable.com/plugins/nessus/143122", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5003 and\n# CentOS Errata and Security Advisory 2020:5003 respectively.\n##\n\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(143122);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"RHSA\", value:\"2020:5003\");\n\n script_name(english:\"CentOS 7 : fence-agents (CESA-2020:5003)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:5003 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-November/035863.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2dd935a5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/113.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(113);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2020/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-amt-ws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-apc-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-azure-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-bladecenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-brocade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-cisco-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-cisco-ucs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-drac5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-eaton-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-emerson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-eps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-gce\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:fence-agents-heuristics-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-hpblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ibmblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ifmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ilo-moonshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ilo-mp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ilo-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ilo2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-intelmodular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ipdu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-ipmilan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-lpar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-redfish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-rsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-rsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-sbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-scsi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:fence-agents-virsh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-vmware-rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-vmware-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fence-agents-wti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'fence-agents-aliyun-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-all-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-amt-ws-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-apc-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-apc-snmp-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-aws-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-azure-arm-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-bladecenter-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-brocade-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-cisco-mds-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-cisco-ucs-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-common-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-compute-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-drac5-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-eaton-snmp-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n 
{'reference':'fence-agents-emerson-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-eps-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-gce-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-heuristics-ping-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-hpblade-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ibmblade-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ifmib-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ilo-mp-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ilo-ssh-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ilo2-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-intelmodular-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ipdu-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-ipmilan-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-kdump-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-lpar-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-mpath-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-redfish-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-rhevm-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n 
{'reference':'fence-agents-rsa-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-rsb-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-sbd-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-scsi-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-virsh-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-vmware-rest-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-vmware-soap-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'fence-agents-wti-4.2.1-41.el7_9.2', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n 
extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fence-agents-aliyun / fence-agents-all / fence-agents-amt-ws / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:37:27", "description": "The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory.\n\n - python-httplib2: CRLF injection via an attacker-controlled unescaped part of the URI for the httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-11T00:00:00", "type": "nessus", "title": "RHEL 7 : fence-agents (RHSA-2020:5003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:fence-agents-aliyun", "p-cpe:/a:redhat:enterprise_linux:fence-agents-all", "p-cpe:/a:redhat:enterprise_linux:fence-agents-amt-ws", "p-cpe:/a:redhat:enterprise_linux:fence-agents-apc", "p-cpe:/a:redhat:enterprise_linux:fence-agents-apc-snmp", "p-cpe:/a:redhat:enterprise_linux:fence-agents-aws", "p-cpe:/a:redhat:enterprise_linux:fence-agents-azure-arm", "p-cpe:/a:redhat:enterprise_linux:fence-agents-bladecenter", "p-cpe:/a:redhat:enterprise_linux:fence-agents-brocade", "p-cpe:/a:redhat:enterprise_linux:fence-agents-cisco-mds", "p-cpe:/a:redhat:enterprise_linux:fence-agents-cisco-ucs", "p-cpe:/a:redhat:enterprise_linux:fence-agents-common", "p-cpe:/a:redhat:enterprise_linux:fence-agents-compute", "p-cpe:/a:redhat:enterprise_linux:fence-agents-drac5", "p-cpe:/a:redhat:enterprise_linux:fence-agents-eaton-snmp", 
"p-cpe:/a:redhat:enterprise_linux:fence-agents-emerson", "p-cpe:/a:redhat:enterprise_linux:fence-agents-eps", "p-cpe:/a:redhat:enterprise_linux:fence-agents-gce", "p-cpe:/a:redhat:enterprise_linux:fence-agents-heuristics-ping", "p-cpe:/a:redhat:enterprise_linux:fence-agents-hpblade", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ibmblade", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ifmib", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo-moonshot", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo-mp", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo-ssh", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo2", "p-cpe:/a:redhat:enterprise_linux:fence-agents-intelmodular", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ipdu", "p-cpe:/a:redhat:enterprise_linux:fence-agents-ipmilan", "p-cpe:/a:redhat:enterprise_linux:fence-agents-kdump", "p-cpe:/a:redhat:enterprise_linux:fence-agents-lpar", "p-cpe:/a:redhat:enterprise_linux:fence-agents-mpath", "p-cpe:/a:redhat:enterprise_linux:fence-agents-redfish", "p-cpe:/a:redhat:enterprise_linux:fence-agents-rhevm", "p-cpe:/a:redhat:enterprise_linux:fence-agents-rsa", "p-cpe:/a:redhat:enterprise_linux:fence-agents-rsb", "p-cpe:/a:redhat:enterprise_linux:fence-agents-sbd", "p-cpe:/a:redhat:enterprise_linux:fence-agents-scsi", "p-cpe:/a:redhat:enterprise_linux:fence-agents-virsh", "p-cpe:/a:redhat:enterprise_linux:fence-agents-vmware-rest", "p-cpe:/a:redhat:enterprise_linux:fence-agents-vmware-soap", "p-cpe:/a:redhat:enterprise_linux:fence-agents-wti", "p-cpe:/a:redhat:enterprise_linux:fence-agents-zvm"], "id": "REDHAT-RHSA-2020-5003.NASL", "href": "https://www.tenable.com/plugins/nessus/142704", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5003. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142704);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"RHSA\", value:\"2020:5003\");\n\n script_name(english:\"RHEL 7 : fence-agents (RHSA-2020:5003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5003 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/113.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(113);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-amt-ws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-apc-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-azure-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-bladecenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-brocade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-cisco-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-cisco-ucs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-compute\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-drac5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-eaton-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-emerson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-eps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-gce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-heuristics-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-hpblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ibmblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ifmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo-moonshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo-mp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ilo2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-intelmodular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ipdu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-ipmilan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-lpar\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-redfish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-rsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-rsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-sbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-virsh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-vmware-rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-vmware-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-wti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fence-agents-zvm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 
'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 
'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 
'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'fence-agents-aliyun-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-all-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-all-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-amt-ws-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-amt-ws-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-apc-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-apc-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 
'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-apc-snmp-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-apc-snmp-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-aws-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-azure-arm-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-bladecenter-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-bladecenter-4.2.1-41.el7_9.2', 
'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-brocade-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-brocade-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-cisco-mds-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-cisco-mds-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-cisco-ucs-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 
'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-cisco-ucs-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-common-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-common-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-compute-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-compute-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n 
{'reference':'fence-agents-drac5-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-drac5-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-eaton-snmp-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-eaton-snmp-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-emerson-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-emerson-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 
'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-eps-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-eps-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-gce-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-heuristics-ping-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-heuristics-ping-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 
'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-hpblade-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-hpblade-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ibmblade-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ibmblade-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ifmib-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ifmib-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo-mp-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo-mp-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo-ssh-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 
'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo-ssh-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo2-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ilo2-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-intelmodular-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-intelmodular-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ipdu-4.2.1-41.el7_9.2', 
'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ipdu-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ipmilan-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-ipmilan-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-kdump-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-kdump-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 
'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-lpar-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-lpar-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-mpath-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-mpath-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-redfish-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n 
{'reference':'fence-agents-redfish-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-rhevm-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-rhevm-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-rsa-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-rsa-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-rsb-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 
'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-rsb-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-sbd-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-sbd-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-scsi-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-scsi-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 
'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-virsh-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-virsh-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-vmware-rest-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-vmware-rest-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-vmware-soap-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-vmware-soap-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-wti-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-wti-4.2.1-41.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'fence-agents-zvm-4.2.1-41.el7_9.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fence-agents-aliyun / fence-agents-all / fence-agents-amt-ws / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:37:49", "description": "The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5947 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : resource-agents (ELSA-2020-5947)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-12-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:resource-agents"], "id": "ORACLELINUX_ELSA-2020-5947.NASL", "href": "https://www.tenable.com/plugins/nessus/143207", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5947.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143207);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"Oracle Linux 8 : resource-agents (ELSA-2020-5947)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2020-5947 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5947.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected resource-agents package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:resource-agents\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'resource-agents-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if 
(!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:37:49", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5004 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-11-11T00:00:00", "type": "nessus", "title": "RHEL 7 : resource-agents (RHSA-2020:5004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2020-11078"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:resource-agents", "p-cpe:/a:redhat:enterprise_linux:resource-agents-aliyun", "p-cpe:/a:redhat:enterprise_linux:resource-agents-gcp", "p-cpe:/a:redhat:enterprise_linux:resource-agents-sap", "p-cpe:/a:redhat:enterprise_linux:resource-agents-sap-hana", "p-cpe:/a:redhat:enterprise_linux:resource-agents-sap-hana-scaleout", "p-cpe:/a:redhat:enterprise_linux:sap-cluster-connector"], "id": "REDHAT-RHSA-2020-5004.NASL", "href": "https://www.tenable.com/plugins/nessus/142707", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5004. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142707);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"RHSA\", value:\"2020:5004\");\n\n script_name(english:\"RHEL 7 : resource-agents (RHSA-2020:5004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5004 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/113.html\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-11078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(113);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-sap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-sap-hana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resource-agents-sap-hana-scaleout\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sap-cluster-connector\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 
'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 
'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 
'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'resource-agents-4.1.1-61.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 
'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'resource-agents-4.1.1-61.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'resource-agents-aliyun-4.1.1-61.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'resource-agents-gcp-4.1.1-61.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'resource-agents-sap-4.1.1-61.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'resource-agents-sap-hana-4.1.1-61.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 
'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'sap-cluster-connector-3.0.1-37.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n 
(rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents / resource-agents-aliyun / resource-agents-gcp / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T14:16:32", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1420 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : python26-httplib2 (ALAS-2020-1420)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2020-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python26-httplib2", "p-cpe:/a:amazon:linux:python27-httplib2", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1420.NASL", "href": "https://www.tenable.com/plugins/nessus/140095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1420.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140095);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/31\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"ALAS\", value:\"2020-1420\");\n\n script_name(english:\"Amazon Linux AMI : python26-httplib2 (ALAS-2020-1420)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2020-1420 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. 
This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1420.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11078\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update python-httplib2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'python26-httplib2-0.18.1-1.13.amzn1', 'release':'ALA'},\n {'reference':'python27-httplib2-0.18.1-1.13.amzn1', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26-httplib2 / python27-httplib2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:39:08", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has resource-agents packages installed that are affected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : resource-agents Vulnerability (NS-SA-2021-0034)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-05-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0034_RESOURCE-AGENTS.NASL", "href": "https://www.tenable.com/plugins/nessus/149338", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0034. 
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149338);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/10\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : resource-agents Vulnerability (NS-SA-2021-0034)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has resource-agents packages installed that are\naffected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0034\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL resource-agents packages. Note that updated packages may not be available yet. 
Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'resource-agents-4.1.1-61.el7_9.4',\n 'resource-agents-aliyun-4.1.1-61.el7_9.4',\n 'resource-agents-gcp-4.1.1-61.el7_9.4',\n 'resource-agents-sap-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4',\n 'sap-cluster-connector-3.0.1-37.el7_9.4'\n ],\n 'CGSL MAIN 5.04': [\n 'resource-agents-4.1.1-61.el7_9.4',\n 'resource-agents-aliyun-4.1.1-61.el7_9.4',\n 'resource-agents-gcp-4.1.1-61.el7_9.4',\n 'resource-agents-sap-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4',\n 'sap-cluster-connector-3.0.1-37.el7_9.4'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:27:29", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has resource-agents packages installed that are affected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : resource-agents Vulnerability (NS-SA-2021-0155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-10-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:resource-agents", "p-cpe:/a:zte:cgsl_core:resource-agents-aliyun", "p-cpe:/a:zte:cgsl_core:resource-agents-gcp", "p-cpe:/a:zte:cgsl_core:resource-agents-sap", "p-cpe:/a:zte:cgsl_core:resource-agents-sap-hana", "p-cpe:/a:zte:cgsl_core:resource-agents-sap-hana-scaleout", "p-cpe:/a:zte:cgsl_core:sap-cluster-connector", "p-cpe:/a:zte:cgsl_main:resource-agents", "p-cpe:/a:zte:cgsl_main:resource-agents-aliyun", "p-cpe:/a:zte:cgsl_main:resource-agents-gcp", "p-cpe:/a:zte:cgsl_main:resource-agents-sap", "p-cpe:/a:zte:cgsl_main:resource-agents-sap-hana", "p-cpe:/a:zte:cgsl_main:resource-agents-sap-hana-scaleout", "p-cpe:/a:zte:cgsl_main:sap-cluster-connector", "cpe:/o:zte:cgsl_core:5", 
"cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0155_RESOURCE-AGENTS.NASL", "href": "https://www.tenable.com/plugins/nessus/154494", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0155. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154494);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/27\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : resource-agents Vulnerability (NS-SA-2021-0155)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has resource-agents packages installed that are\naffected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0155\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11078\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL resource-agents packages. 
Note that updated packages may not be available yet. Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:resource-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:resource-agents-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:resource-agents-sap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:resource-agents-sap-hana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:resource-agents-sap-hana-scaleout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:sap-cluster-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:resource-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:resource-agents-gcp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:zte:cgsl_main:resource-agents-sap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:resource-agents-sap-hana\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:resource-agents-sap-hana-scaleout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sap-cluster-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'resource-agents-4.1.1-61.el7_9.4',\n 'resource-agents-aliyun-4.1.1-61.el7_9.4',\n 'resource-agents-gcp-4.1.1-61.el7_9.4',\n 'resource-agents-sap-4.1.1-61.el7_9.4',\n 
'resource-agents-sap-hana-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4',\n 'sap-cluster-connector-3.0.1-37.el7_9.4'\n ],\n 'CGSL MAIN 5.05': [\n 'resource-agents-4.1.1-61.el7_9.4',\n 'resource-agents-aliyun-4.1.1-61.el7_9.4',\n 'resource-agents-gcp-4.1.1-61.el7_9.4',\n 'resource-agents-sap-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-4.1.1-61.el7_9.4',\n 'resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4',\n 'sap-cluster-connector-3.0.1-37.el7_9.4'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:25:47", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4605 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : resource-agents (CESA-2020:4605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:resource-agents", "p-cpe:/a:centos:centos:resource-agents-aliyun", "p-cpe:/a:centos:centos:resource-agents-gcp"], "id": "CENTOS8_RHSA-2020-4605.NASL", "href": 
"https://www.tenable.com/plugins/nessus/145820", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4605. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145820);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-11078\");\n script_xref(name:\"RHSA\", value:\"2020:4605\");\n\n script_name(english:\"CentOS 8 : resource-agents (CESA-2020:4605)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:4605 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4605\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected resource-agents, resource-agents-aliyun and / or resource-agents-gcp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:resource-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:resource-agents-gcp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'resource-agents-4.1.1-68.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'resource-agents-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'resource-agents-aliyun-4.1.1-68.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'resource-agents-aliyun-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'resource-agents-gcp-4.1.1-68.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'resource-agents-gcp-4.1.1-68.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) 
rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'resource-agents / resource-agents-aliyun / resource-agents-gcp');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:26:13", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has fence-agents packages installed that are affected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : fence-agents Vulnerability (NS-SA-2021-0146)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-10-28T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:fence-agents-aliyun", "p-cpe:/a:zte:cgsl_core:fence-agents-all", "p-cpe:/a:zte:cgsl_core:fence-agents-amt-ws", "p-cpe:/a:zte:cgsl_core:fence-agents-apc", "p-cpe:/a:zte:cgsl_core:fence-agents-apc-snmp", "p-cpe:/a:zte:cgsl_core:fence-agents-aws", "p-cpe:/a:zte:cgsl_core:fence-agents-azure-arm", "p-cpe:/a:zte:cgsl_core:fence-agents-bladecenter", "p-cpe:/a:zte:cgsl_core:fence-agents-brocade", "p-cpe:/a:zte:cgsl_core:fence-agents-cisco-mds", "p-cpe:/a:zte:cgsl_core:fence-agents-cisco-ucs", "p-cpe:/a:zte:cgsl_core:fence-agents-common", "p-cpe:/a:zte:cgsl_core:fence-agents-compute", "p-cpe:/a:zte:cgsl_core:fence-agents-drac5", "p-cpe:/a:zte:cgsl_core:fence-agents-eaton-snmp", "p-cpe:/a:zte:cgsl_core:fence-agents-emerson", "p-cpe:/a:zte:cgsl_core:fence-agents-eps", "p-cpe:/a:zte:cgsl_core:fence-agents-gce", "p-cpe:/a:zte:cgsl_core:fence-agents-heuristics-ping", "p-cpe:/a:zte:cgsl_core:fence-agents-hpblade", "p-cpe:/a:zte:cgsl_core:fence-agents-ibmblade", "p-cpe:/a:zte:cgsl_core:fence-agents-ifmib", "p-cpe:/a:zte:cgsl_core:fence-agents-ilo-moonshot", "p-cpe:/a:zte:cgsl_core:fence-agents-ilo-mp", "p-cpe:/a:zte:cgsl_core:fence-agents-ilo-ssh", "p-cpe:/a:zte:cgsl_core:fence-agents-ilo2", "p-cpe:/a:zte:cgsl_core:fence-agents-intelmodular", "p-cpe:/a:zte:cgsl_core:fence-agents-ipdu", "p-cpe:/a:zte:cgsl_core:fence-agents-ipmilan", "p-cpe:/a:zte:cgsl_core:fence-agents-kdump", "p-cpe:/a:zte:cgsl_core:fence-agents-lpar", 
"p-cpe:/a:zte:cgsl_core:fence-agents-mpath", "p-cpe:/a:zte:cgsl_core:fence-agents-redfish", "p-cpe:/a:zte:cgsl_core:fence-agents-rhevm", "p-cpe:/a:zte:cgsl_core:fence-agents-rsa", "p-cpe:/a:zte:cgsl_core:fence-agents-rsb", "p-cpe:/a:zte:cgsl_core:fence-agents-sbd", "p-cpe:/a:zte:cgsl_core:fence-agents-scsi", "p-cpe:/a:zte:cgsl_core:fence-agents-virsh", "p-cpe:/a:zte:cgsl_core:fence-agents-vmware-rest", "p-cpe:/a:zte:cgsl_core:fence-agents-vmware-soap", "p-cpe:/a:zte:cgsl_core:fence-agents-wti", "p-cpe:/a:zte:cgsl_main:fence-agents-aliyun", "p-cpe:/a:zte:cgsl_main:fence-agents-all", "p-cpe:/a:zte:cgsl_main:fence-agents-amt-ws", "p-cpe:/a:zte:cgsl_main:fence-agents-apc", "p-cpe:/a:zte:cgsl_main:fence-agents-apc-snmp", "p-cpe:/a:zte:cgsl_main:fence-agents-aws", "p-cpe:/a:zte:cgsl_main:fence-agents-azure-arm", "p-cpe:/a:zte:cgsl_main:fence-agents-bladecenter", "p-cpe:/a:zte:cgsl_main:fence-agents-brocade", "p-cpe:/a:zte:cgsl_main:fence-agents-cisco-mds", "p-cpe:/a:zte:cgsl_main:fence-agents-cisco-ucs", "p-cpe:/a:zte:cgsl_main:fence-agents-common", "p-cpe:/a:zte:cgsl_main:fence-agents-compute", "p-cpe:/a:zte:cgsl_main:fence-agents-drac5", "p-cpe:/a:zte:cgsl_main:fence-agents-eaton-snmp", "p-cpe:/a:zte:cgsl_main:fence-agents-emerson", "p-cpe:/a:zte:cgsl_main:fence-agents-eps", "p-cpe:/a:zte:cgsl_main:fence-agents-gce", "p-cpe:/a:zte:cgsl_main:fence-agents-heuristics-ping", "p-cpe:/a:zte:cgsl_main:fence-agents-hpblade", "p-cpe:/a:zte:cgsl_main:fence-agents-ibmblade", "p-cpe:/a:zte:cgsl_main:fence-agents-ifmib", "p-cpe:/a:zte:cgsl_main:fence-agents-ilo-moonshot", "p-cpe:/a:zte:cgsl_main:fence-agents-ilo-mp", "p-cpe:/a:zte:cgsl_main:fence-agents-ilo-ssh", "p-cpe:/a:zte:cgsl_main:fence-agents-ilo2", "p-cpe:/a:zte:cgsl_main:fence-agents-intelmodular", "p-cpe:/a:zte:cgsl_main:fence-agents-ipdu", "p-cpe:/a:zte:cgsl_main:fence-agents-ipmilan", "p-cpe:/a:zte:cgsl_main:fence-agents-kdump", "p-cpe:/a:zte:cgsl_main:fence-agents-lpar", "p-cpe:/a:zte:cgsl_main:fence-agents-mpath", 
"p-cpe:/a:zte:cgsl_main:fence-agents-redfish", "p-cpe:/a:zte:cgsl_main:fence-agents-rhevm", "p-cpe:/a:zte:cgsl_main:fence-agents-rsa", "p-cpe:/a:zte:cgsl_main:fence-agents-rsb", "p-cpe:/a:zte:cgsl_main:fence-agents-sbd", "p-cpe:/a:zte:cgsl_main:fence-agents-scsi", "p-cpe:/a:zte:cgsl_main:fence-agents-virsh", "p-cpe:/a:zte:cgsl_main:fence-agents-vmware-rest", "p-cpe:/a:zte:cgsl_main:fence-agents-vmware-soap", "p-cpe:/a:zte:cgsl_main:fence-agents-wti", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0146_FENCE-AGENTS.NASL", "href": "https://www.tenable.com/plugins/nessus/154628", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0146. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154628);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/28\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : fence-agents Vulnerability (NS-SA-2021-0146)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has fence-agents packages installed that are\naffected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0146\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11078\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL fence-agents packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-amt-ws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-apc-snmp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:zte:cgsl_core:fence-agents-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-azure-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-bladecenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-brocade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-cisco-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-cisco-ucs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-drac5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-eaton-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-emerson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-eps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-gce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-heuristics-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-hpblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ibmblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ifmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ilo-moonshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ilo-mp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ilo-ssh\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ilo2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-intelmodular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ipdu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-ipmilan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-lpar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-redfish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-rsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-rsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-sbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-virsh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-vmware-rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-vmware-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:fence-agents-wti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-aliyun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-amt-ws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-apc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-apc-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-azure-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-bladecenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-brocade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-cisco-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-cisco-ucs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-drac5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-eaton-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-emerson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-eps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-gce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-heuristics-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-hpblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ibmblade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ifmib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ilo-moonshot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ilo-mp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ilo-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ilo2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-intelmodular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ipdu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-ipmilan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-lpar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-redfish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-rsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-rsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-sbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-virsh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-vmware-rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-vmware-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:fence-agents-wti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL 
Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'fence-agents-aliyun-4.2.1-41.el7_9.2',\n 'fence-agents-all-4.2.1-41.el7_9.2',\n 'fence-agents-amt-ws-4.2.1-41.el7_9.2',\n 'fence-agents-apc-4.2.1-41.el7_9.2',\n 'fence-agents-apc-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-aws-4.2.1-41.el7_9.2',\n 'fence-agents-azure-arm-4.2.1-41.el7_9.2',\n 'fence-agents-bladecenter-4.2.1-41.el7_9.2',\n 'fence-agents-brocade-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-mds-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-ucs-4.2.1-41.el7_9.2',\n 'fence-agents-common-4.2.1-41.el7_9.2',\n 'fence-agents-compute-4.2.1-41.el7_9.2',\n 'fence-agents-drac5-4.2.1-41.el7_9.2',\n 'fence-agents-eaton-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-emerson-4.2.1-41.el7_9.2',\n 'fence-agents-eps-4.2.1-41.el7_9.2',\n 'fence-agents-gce-4.2.1-41.el7_9.2',\n 'fence-agents-heuristics-ping-4.2.1-41.el7_9.2',\n 
'fence-agents-hpblade-4.2.1-41.el7_9.2',\n 'fence-agents-ibmblade-4.2.1-41.el7_9.2',\n 'fence-agents-ifmib-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-mp-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-ssh-4.2.1-41.el7_9.2',\n 'fence-agents-ilo2-4.2.1-41.el7_9.2',\n 'fence-agents-intelmodular-4.2.1-41.el7_9.2',\n 'fence-agents-ipdu-4.2.1-41.el7_9.2',\n 'fence-agents-ipmilan-4.2.1-41.el7_9.2',\n 'fence-agents-kdump-4.2.1-41.el7_9.2',\n 'fence-agents-lpar-4.2.1-41.el7_9.2',\n 'fence-agents-mpath-4.2.1-41.el7_9.2',\n 'fence-agents-redfish-4.2.1-41.el7_9.2',\n 'fence-agents-rhevm-4.2.1-41.el7_9.2',\n 'fence-agents-rsa-4.2.1-41.el7_9.2',\n 'fence-agents-rsb-4.2.1-41.el7_9.2',\n 'fence-agents-sbd-4.2.1-41.el7_9.2',\n 'fence-agents-scsi-4.2.1-41.el7_9.2',\n 'fence-agents-virsh-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-rest-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-soap-4.2.1-41.el7_9.2',\n 'fence-agents-wti-4.2.1-41.el7_9.2'\n ],\n 'CGSL MAIN 5.05': [\n 'fence-agents-aliyun-4.2.1-41.el7_9.2',\n 'fence-agents-all-4.2.1-41.el7_9.2',\n 'fence-agents-amt-ws-4.2.1-41.el7_9.2',\n 'fence-agents-apc-4.2.1-41.el7_9.2',\n 'fence-agents-apc-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-aws-4.2.1-41.el7_9.2',\n 'fence-agents-azure-arm-4.2.1-41.el7_9.2',\n 'fence-agents-bladecenter-4.2.1-41.el7_9.2',\n 'fence-agents-brocade-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-mds-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-ucs-4.2.1-41.el7_9.2',\n 'fence-agents-common-4.2.1-41.el7_9.2',\n 'fence-agents-compute-4.2.1-41.el7_9.2',\n 'fence-agents-drac5-4.2.1-41.el7_9.2',\n 'fence-agents-eaton-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-emerson-4.2.1-41.el7_9.2',\n 'fence-agents-eps-4.2.1-41.el7_9.2',\n 'fence-agents-gce-4.2.1-41.el7_9.2',\n 'fence-agents-heuristics-ping-4.2.1-41.el7_9.2',\n 'fence-agents-hpblade-4.2.1-41.el7_9.2',\n 'fence-agents-ibmblade-4.2.1-41.el7_9.2',\n 'fence-agents-ifmib-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2',\n 
'fence-agents-ilo-mp-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-ssh-4.2.1-41.el7_9.2',\n 'fence-agents-ilo2-4.2.1-41.el7_9.2',\n 'fence-agents-intelmodular-4.2.1-41.el7_9.2',\n 'fence-agents-ipdu-4.2.1-41.el7_9.2',\n 'fence-agents-ipmilan-4.2.1-41.el7_9.2',\n 'fence-agents-kdump-4.2.1-41.el7_9.2',\n 'fence-agents-lpar-4.2.1-41.el7_9.2',\n 'fence-agents-mpath-4.2.1-41.el7_9.2',\n 'fence-agents-redfish-4.2.1-41.el7_9.2',\n 'fence-agents-rhevm-4.2.1-41.el7_9.2',\n 'fence-agents-rsa-4.2.1-41.el7_9.2',\n 'fence-agents-rsb-4.2.1-41.el7_9.2',\n 'fence-agents-sbd-4.2.1-41.el7_9.2',\n 'fence-agents-scsi-4.2.1-41.el7_9.2',\n 'fence-agents-virsh-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-rest-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-soap-4.2.1-41.el7_9.2',\n 'fence-agents-wti-4.2.1-41.el7_9.2'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fence-agents');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:33:58", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fence-agents packages installed that are affected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : fence-agents Vulnerability (NS-SA-2021-0028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0028_FENCE-AGENTS.NASL", "href": "https://www.tenable.com/plugins/nessus/147350", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0028. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147350);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2020-11078\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : fence-agents Vulnerability (NS-SA-2021-0028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fence-agents packages installed that are\naffected by a vulnerability:\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. 
This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0028\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL fence-agents packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'fence-agents-aliyun-4.2.1-41.el7_9.2',\n 'fence-agents-all-4.2.1-41.el7_9.2',\n 'fence-agents-amt-ws-4.2.1-41.el7_9.2',\n 'fence-agents-apc-4.2.1-41.el7_9.2',\n 'fence-agents-apc-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-aws-4.2.1-41.el7_9.2',\n 'fence-agents-azure-arm-4.2.1-41.el7_9.2',\n 'fence-agents-bladecenter-4.2.1-41.el7_9.2',\n 'fence-agents-brocade-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-mds-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-ucs-4.2.1-41.el7_9.2',\n 'fence-agents-common-4.2.1-41.el7_9.2',\n 'fence-agents-compute-4.2.1-41.el7_9.2',\n 'fence-agents-drac5-4.2.1-41.el7_9.2',\n 'fence-agents-eaton-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-emerson-4.2.1-41.el7_9.2',\n 'fence-agents-eps-4.2.1-41.el7_9.2',\n 'fence-agents-gce-4.2.1-41.el7_9.2',\n 'fence-agents-heuristics-ping-4.2.1-41.el7_9.2',\n 'fence-agents-hpblade-4.2.1-41.el7_9.2',\n 'fence-agents-ibmblade-4.2.1-41.el7_9.2',\n 'fence-agents-ifmib-4.2.1-41.el7_9.2',\n 
'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-mp-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-ssh-4.2.1-41.el7_9.2',\n 'fence-agents-ilo2-4.2.1-41.el7_9.2',\n 'fence-agents-intelmodular-4.2.1-41.el7_9.2',\n 'fence-agents-ipdu-4.2.1-41.el7_9.2',\n 'fence-agents-ipmilan-4.2.1-41.el7_9.2',\n 'fence-agents-kdump-4.2.1-41.el7_9.2',\n 'fence-agents-lpar-4.2.1-41.el7_9.2',\n 'fence-agents-mpath-4.2.1-41.el7_9.2',\n 'fence-agents-redfish-4.2.1-41.el7_9.2',\n 'fence-agents-rhevm-4.2.1-41.el7_9.2',\n 'fence-agents-rsa-4.2.1-41.el7_9.2',\n 'fence-agents-rsb-4.2.1-41.el7_9.2',\n 'fence-agents-sbd-4.2.1-41.el7_9.2',\n 'fence-agents-scsi-4.2.1-41.el7_9.2',\n 'fence-agents-virsh-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-rest-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-soap-4.2.1-41.el7_9.2',\n 'fence-agents-wti-4.2.1-41.el7_9.2'\n ],\n 'CGSL MAIN 5.04': [\n 'fence-agents-aliyun-4.2.1-41.el7_9.2',\n 'fence-agents-all-4.2.1-41.el7_9.2',\n 'fence-agents-amt-ws-4.2.1-41.el7_9.2',\n 'fence-agents-apc-4.2.1-41.el7_9.2',\n 'fence-agents-apc-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-aws-4.2.1-41.el7_9.2',\n 'fence-agents-azure-arm-4.2.1-41.el7_9.2',\n 'fence-agents-bladecenter-4.2.1-41.el7_9.2',\n 'fence-agents-brocade-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-mds-4.2.1-41.el7_9.2',\n 'fence-agents-cisco-ucs-4.2.1-41.el7_9.2',\n 'fence-agents-common-4.2.1-41.el7_9.2',\n 'fence-agents-compute-4.2.1-41.el7_9.2',\n 'fence-agents-drac5-4.2.1-41.el7_9.2',\n 'fence-agents-eaton-snmp-4.2.1-41.el7_9.2',\n 'fence-agents-emerson-4.2.1-41.el7_9.2',\n 'fence-agents-eps-4.2.1-41.el7_9.2',\n 'fence-agents-gce-4.2.1-41.el7_9.2',\n 'fence-agents-heuristics-ping-4.2.1-41.el7_9.2',\n 'fence-agents-hpblade-4.2.1-41.el7_9.2',\n 'fence-agents-ibmblade-4.2.1-41.el7_9.2',\n 'fence-agents-ifmib-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-moonshot-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-mp-4.2.1-41.el7_9.2',\n 'fence-agents-ilo-ssh-4.2.1-41.el7_9.2',\n 'fence-agents-ilo2-4.2.1-41.el7_9.2',\n 
'fence-agents-intelmodular-4.2.1-41.el7_9.2',\n 'fence-agents-ipdu-4.2.1-41.el7_9.2',\n 'fence-agents-ipmilan-4.2.1-41.el7_9.2',\n 'fence-agents-kdump-4.2.1-41.el7_9.2',\n 'fence-agents-lpar-4.2.1-41.el7_9.2',\n 'fence-agents-mpath-4.2.1-41.el7_9.2',\n 'fence-agents-redfish-4.2.1-41.el7_9.2',\n 'fence-agents-rhevm-4.2.1-41.el7_9.2',\n 'fence-agents-rsa-4.2.1-41.el7_9.2',\n 'fence-agents-rsb-4.2.1-41.el7_9.2',\n 'fence-agents-sbd-4.2.1-41.el7_9.2',\n 'fence-agents-scsi-4.2.1-41.el7_9.2',\n 'fence-agents-virsh-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-rest-4.2.1-41.el7_9.2',\n 'fence-agents-vmware-soap-4.2.1-41.el7_9.2',\n 'fence-agents-wti-4.2.1-41.el7_9.2'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fence-agents');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:21:29", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1806-1 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\n - httplib2 is a comprehensive HTTP client library for Python. 
In httplib2 before version 0.19.0, a malicious server which responds with long series of \\xa0 characters in the www-authenticate header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library. (CVE-2021-21240)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : python-httplib2 (openSUSE-SU-2021:1806-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-07-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python2-httplib2", "p-cpe:/a:novell:opensuse:python3-httplib2", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1806.NASL", "href": "https://www.tenable.com/plugins/nessus/151722", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1806-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151722);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\"CVE-2020-11078\", \"CVE-2021-21240\");\n\n script_name(english:\"openSUSE 15 Security Update : python-httplib2 (openSUSE-SU-2021:1806-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1806-1 advisory.\n\n - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for\n `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same\n server. This vulnerability impacts software that uses httplib2 with uri constructed by string\n concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.\n (CVE-2020-11078)\n\n - httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious\n server which responds with long series of \\xa0 characters in the www-authenticate header may cause\n Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is\n fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing\n library. 
(CVE-2021-21240)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1171998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182053\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DTGWJY2VML3YAAFAOOYJAQP5SZ4X6XWG/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?802ab0db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21240\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python2-httplib2 and / or python3-httplib2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-httplib2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'python2-httplib2-0.19.0-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-httplib2-0.19.0-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) 
rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python2-httplib2 / python3-httplib2');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:38:41", "description": "This update for python-httplib2 contains the following fixes :\n\nSecurity fixes included in this update :\n\n - CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053).\n\n - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998).\n\nNon security fixes included in this update :\n\n - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)\n\n - update to 0.19.0 :\n\n - auth: parse headers using pyparsing instead of regexp\n\n - auth: WSSE token needs to be string not bytes\n\n - update to 0.18.1: (bsc#1171998, CVE-2020-11078)\n\n - explicit build-backend workaround for pip build isolation bug\n\n - IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote of space, CR, LF characters in uri.\n\n - Ship test suite in source dist\n\n - Update to 0.17.1\n\n - python3: no_proxy was not checked with https\n\n - feature: Http().redirect_codes set, works after follow(_all)_redirects check This allows one line workaround for old gcloud library that uses 308 response without redirect semantics.\n\n - IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects\n\n - proxy: username/password as str compatible with pysocks\n\n - python2: regression in connect() error handling\n\n - add support for password protected certificate files\n\n - feature: 
Http.close() to clean persistent connections and sensitive data\n\n - Update to 0.14.0 :\n\n - Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError\n\n - version update to 0.13.1 0.13.1\n\n - Python3: Use no_proxy https://github.com/httplib2/httplib2/pull/140 0.13.0\n\n - Allow setting TLS max/min versions https://github.com/httplib2/httplib2/pull/138 0.12.3\n\n - No changes to library. Distribute py3 wheels. 0.12.1\n\n - Catch socket timeouts and clear dead connection https://github.com/httplib2/httplib2/issues/18 https://github.com/httplib2/httplib2/pull/111\n\n - Officially support Python 3.7 (package metadata) https://github.com/httplib2/httplib2/issues/123 0.12.0\n\n - Drop support for Python 3.3\n\n - ca_certs from environment HTTPLIB2_CA_CERTS or certifi https://github.com/httplib2/httplib2/pull/117\n\n - PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required https://github.com/httplib2/httplib2/pull/115\n\n - Revert http:443->https workaround https://github.com/httplib2/httplib2/issues/112\n\n - eliminate connection pool read race https://github.com/httplib2/httplib2/pull/110\n\n - cache: stronger safename https://github.com/httplib2/httplib2/pull/101 0.11.3\n\n - No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis. 
0.11.2\n\n - proxy: py3 NameError basestring https://github.com/httplib2/httplib2/pull/100 0.11.1\n\n - Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info https://github.com/httplib2/httplib2/pull/97 0.11.0\n\n - Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5 https://github.com/httplib2/httplib2/pull/91\n\n - python3 proxy support https://github.com/httplib2/httplib2/pull/90\n\n - If no_proxy environment value ends with comma then proxy is not used https://github.com/httplib2/httplib2/issues/11\n\n - fix UnicodeDecodeError using socks5 proxy https://github.com/httplib2/httplib2/pull/64\n\n - Respect NO_PROXY env var in proxy_info_from_url https://github.com/httplib2/httplib2/pull/58\n\n - NO_PROXY=bar was matching foobar (suffix without dot delimiter) New behavior matches curl/wget :\n\n - no_proxy=foo.bar will only skip proxy for exact hostname match\n\n - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card https://github.com/httplib2/httplib2/issues/94\n\n - Bugfix for Content-Encoding: deflate https://stackoverflow.com/a/22311297\n\n - deleted patches\n\n - Removing certifi patch: httplib2 started to use certifi and this is already bent to use system certificate bundle by another patch\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python-httplib2 (openSUSE-2021-772)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-05-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python2-httplib2", "p-cpe:/a:novell:opensuse:python3-httplib2", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-772.NASL", "href": "https://www.tenable.com/plugins/nessus/149881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-772.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149881);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/27\");\n\n script_cve_id(\"CVE-2020-11078\", \"CVE-2021-21240\");\n\n script_name(english:\"openSUSE Security Update : python-httplib2 (openSUSE-2021-772)\");\n script_summary(english:\"Check for the openSUSE-2021-772 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python-httplib2 contains the following fixes :\n\nSecurity fixes included in this update :\n\n - CVE-2021-21240: Fixed a regular expression denial of\n service via malicious header (bsc#1182053).\n\n - CVE-2020-11078: Fixed an issue where an attacker could\n change request headers and body (bsc#1171998).\n\nNon security fixes included in this update :\n\n - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)\n\n - update to 0.19.0 :\n\n - auth: parse headers using pyparsing instead of regexp\n\n - auth: WSSE token needs to be string not bytes\n\n - update to 0.18.1: (bsc#1171998, CVE-2020-11078)\n\n - explicit build-backend workaround for pip build\n isolation bug\n\n - IMPORTANT security vulnerability CWE-93 CRLF injection\n Force %xx quote of space, CR, LF characters in uri.\n\n - Ship test suite in source dist\n\n - Update to 0.17.1\n\n - python3: no_proxy was not checked with https\n\n - feature: Http().redirect_codes set, works after\n follow(_all)_redirects check This allows one line\n workaround for old gcloud library that uses 308 response\n without redirect semantics.\n\n - IMPORTANT cache invalidation change, fix 307 keep\n method, add 308 Redirects\n\n - proxy: 
username/password as str compatible with pysocks\n\n - python2: regression in connect() error handling\n\n - add support for password protected certificate files\n\n - feature: Http.close() to clean persistent connections\n and sensitive data\n\n - Update to 0.14.0 :\n\n - Python3: PROXY_TYPE_SOCKS5 with str user/pass raised\n TypeError\n\n - version update to 0.13.1 0.13.1\n\n - Python3: Use no_proxy\n https://github.com/httplib2/httplib2/pull/140 0.13.0\n\n - Allow setting TLS max/min versions\n https://github.com/httplib2/httplib2/pull/138 0.12.3\n\n - No changes to library. Distribute py3 wheels. 0.12.1\n\n - Catch socket timeouts and clear dead connection\n https://github.com/httplib2/httplib2/issues/18\n https://github.com/httplib2/httplib2/pull/111\n\n - Officially support Python 3.7 (package metadata)\n https://github.com/httplib2/httplib2/issues/123 0.12.0\n\n - Drop support for Python 3.3\n\n - ca_certs from environment HTTPLIB2_CA_CERTS or certifi\n https://github.com/httplib2/httplib2/pull/117\n\n - PROXY_TYPE_HTTP with non-empty user/pass raised\n TypeError: bytes required\n https://github.com/httplib2/httplib2/pull/115\n\n - Revert http:443->https workaround\n https://github.com/httplib2/httplib2/issues/112\n\n - eliminate connection pool read race\n https://github.com/httplib2/httplib2/pull/110\n\n - cache: stronger safename\n https://github.com/httplib2/httplib2/pull/101 0.11.3\n\n - No changes, just reupload of 0.11.2 after fixing\n automatic release conditions in Travis. 
0.11.2\n\n - proxy: py3 NameError basestring\n https://github.com/httplib2/httplib2/pull/100 0.11.1\n\n - Fix HTTP(S)ConnectionWithTimeout AttributeError\n proxy_info https://github.com/httplib2/httplib2/pull/97\n 0.11.0\n\n - Add DigiCert Global Root G2 serial\n 033af1e6a711a9a0bb2864b11d09fae5\n https://github.com/httplib2/httplib2/pull/91\n\n - python3 proxy support\n https://github.com/httplib2/httplib2/pull/90\n\n - If no_proxy environment value ends with comma then proxy\n is not used\n https://github.com/httplib2/httplib2/issues/11\n\n - fix UnicodeDecodeError using socks5 proxy\n https://github.com/httplib2/httplib2/pull/64\n\n - Respect NO_PROXY env var in proxy_info_from_url\n https://github.com/httplib2/httplib2/pull/58\n\n - NO_PROXY=bar was matching foobar (suffix without dot\n delimiter) New behavior matches curl/wget :\n\n - no_proxy=foo.bar will only skip proxy for exact hostname\n match\n\n - no_proxy=.wild.card will skip proxy for\n any.subdomains.wild.card\n https://github.com/httplib2/httplib2/issues/94\n\n - Bugfix for Content-Encoding: deflate\n https://stackoverflow.com/a/22311297\n\n - deleted patches\n\n - Removing certifi patch: httplib2 started to use certifi\n and this is already bent to use system certificate\n bundle by another patch\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/issues/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/issues/112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/issues/123\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/issues/18\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/issues/94\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/58\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/64\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/90\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/91\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/httplib2/httplib2/pull/97\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://stackoverflow.com/a/22311297\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected python-httplib2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-httplib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python2-httplib2-0.19.0-lp152.6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-httplib2-0.19.0-lp152.6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2-httplib2 / python3-httplib2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-06T17:38:44", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2116 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)\n\n - python-httplib2: Regular expression denial of service via malicious header (CVE-2021-21240)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.8, "vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2021-05-27T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:python3-httplib2"], "id": "REDHAT-RHSA-2021-2116.NASL", "href": "https://www.tenable.com/plugins/nessus/149997", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2116. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149997);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2020-11078\", \"CVE-2021-21240\");\n script_xref(name:\"RHSA\", value:\"2021:2116\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2116 advisory.\n\n - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request\n function (CVE-2020-11078)\n\n - python-httplib2: Regular expression denial of service via malicious header (CVE-2021-21240)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://cwe.mitre.org/data/definitions/113.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1845937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926885\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-httplib2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(113, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-httplib2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openstack_16_1_el8': [\n 'openstack-16-tools-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16-tools-for-rhel-8-x86_64-rpms',\n 'openstack-16-tools-for-rhel-8-x86_64-source-rpms',\n 'openstack-16.1-cinderlib-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16.1-cinderlib-for-rhel-8-x86_64-rpms',\n 'openstack-16.1-cinderlib-for-rhel-8-x86_64-source-rpms',\n 'openstack-16.1-deployment-tools-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16.1-deployment-tools-for-rhel-8-x86_64-rpms',\n 'openstack-16.1-deployment-tools-for-rhel-8-x86_64-source-rpms',\n 'openstack-16.1-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16.1-for-rhel-8-x86_64-rpms',\n 
'openstack-16.1-for-rhel-8-x86_64-source-rpms'\n ],\n 'openstack_16_el8': [\n 'openstack-16-cinderlib-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16-cinderlib-for-rhel-8-x86_64-rpms',\n 'openstack-16-cinderlib-for-rhel-8-x86_64-source-rpms',\n 'openstack-16-deployment-tools-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16-deployment-tools-for-rhel-8-x86_64-rpms',\n 'openstack-16-deployment-tools-for-rhel-8-x86_64-source-rpms',\n 'openstack-16-devtools-for-rhel-8-x86_64-rpms',\n 'openstack-16-devtools-for-rhel-8-x86_64-source-rpms',\n 'openstack-16-for-rhel-8-x86_64-debug-rpms',\n 'openstack-16-for-rhel-8-x86_64-rpms',\n 'openstack-16-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'python3-httplib2-0.13.1-2.el8ost', 'release':'8', 'el_string':'el8ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-', 'repo_list':['openstack_16_1_el8', 'openstack_16_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-httplib2');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2022-04-18T12:40:27", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for python-httplib2 contains the following fixes:\n\n Security fixes included in this update:\n - CVE-2021-21240: Fixed a regular expression denial of service via\n malicious header (bsc#1182053).\n - CVE-2020-11078: Fixed an issue where an attacker could change request\n headers and body (bsc#1171998).\n\n Non security fixes included in this update:\n - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)\n\n - update to 0.19.0:\n * auth: parse headers using pyparsing instead of regexp\n * auth: WSSE token needs to be string not bytes\n\n - update to 0.18.1: (bsc#1171998, CVE-2020-11078)\n * explicit build-backend workaround for pip build isolation bug\n * IMPORTANT security vulnerability CWE-93 CRLF injection 
Force %xx quote\n of space, CR, LF characters in uri.\n * Ship test suite in source dist\n\n - Update to 0.17.1\n * python3: no_proxy was not checked with https\n * feature: Http().redirect_codes set, works after follow(_all)_redirects\n check This allows one line workaround for old gcloud library that uses\n 308 response without redirect semantics.\n * IMPORTANT cache invalidation change, fix 307 keep method, add 308\n Redirects\n * proxy: username/password as str compatible with pysocks\n * python2: regression in connect() error handling\n * add support for password protected certificate files\n * feature: Http.close() to clean persistent connections and sensitive\n data\n\n - Update to 0.14.0:\n * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError\n\n - version update to 0.13.1 0.13.1\n * Python3: Use no_proxy https://github.com/httplib2/httplib2/pull/140\n 0.13.0\n * Allow setting TLS max/min versions\n https://github.com/httplib2/httplib2/pull/138 0.12.3\n * No changes to library. Distribute py3 wheels. 0.12.1\n * Catch socket timeouts and clear dead connection\n https://github.com/httplib2/httplib2/issues/18\nhttps://github.com/httplib2/httplib2/pull/111\n * Officially support Python 3.7 (package metadata)\n https://github.com/httplib2/httplib2/issues/123 0.12.0\n * Drop support for Python 3.3\n * ca_certs from environment HTTPLIB2_CA_CERTS or certifi\n https://github.com/httplib2/httplib2/pull/117\n * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes\n required https://github.com/httplib2/httplib2/pull/115\n * Revert http:443->https workaround\n https://github.com/httplib2/httplib2/issues/112\n * eliminate connection pool read race\n https://github.com/httplib2/httplib2/pull/110\n * cache: stronger safename\n https://github.com/httplib2/httplib2/pull/101 0.11.3\n * No changes, just reupload of 0.11.2 after fixing automatic release\n conditions in Travis. 
0.11.2\n * proxy: py3 NameError basestring\n https://github.com/httplib2/httplib2/pull/100 0.11.1\n * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info\n https://github.com/httplib2/httplib2/pull/97 0.11.0\n * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5\n https://github.com/httplib2/httplib2/pull/91\n * python3 proxy support https://github.com/httplib2/httplib2/pull/90\n * If no_proxy environment value ends with comma then proxy is not used\n https://github.com/httplib2/httplib2/issues/11\n * fix UnicodeDecodeError using socks5 proxy\n https://github.com/httplib2/httplib2/pull/64\n * Respect NO_PROXY env var in proxy_info_from_url\n https://github.com/httplib2/httplib2/pull/58\n * NO_PROXY=bar was matching foobar (suffix without dot delimiter) New\n behavior matches curl/wget:\n - no_proxy=foo.bar will only skip proxy for exact hostname match\n - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card\n https://github.com/httplib2/httplib2/issues/94\n * Bugfix for Content-Encoding: deflate\n https://stackoverflow.com/a/22311297\n - deleted patches\n - Removing certifi patch: httplib2 started to use certifi and this is\n already bent to use system certificate bundle by another patch\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-772=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", 
"userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-23T00:00:00", "type": "suse", "title": "Security update for python-httplib2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-05-23T00:00:00", "id": "OPENSUSE-SU-2021:0772-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ANZIEBB4AJVGYC2KYDE7RDSTFBBTL5ID/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T12:40:27", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for python-httplib2 contains the following fixes:\n\n Security fixes included in this update:\n - CVE-2021-21240: Fixed a regular expression denial of service via\n malicious header (bsc#1182053).\n - CVE-2020-11078: Fixed an issue where an attacker could change request\n headers and body (bsc#1171998).\n\n Non security fixes included in this update:\n - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240)\n\n - update to 0.19.0:\n * auth: parse headers using pyparsing instead of regexp\n * auth: WSSE token needs to be string not bytes\n\n - update to 0.18.1: (bsc#1171998, CVE-2020-11078)\n * explicit build-backend workaround for pip build isolation bug\n * IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote\n of space, CR, LF characters in uri.\n * Ship test suite in source dist\n\n - Update to 0.17.1\n * python3: no_proxy was not 
checked with https\n * feature: Http().redirect_codes set, works after follow(_all)_redirects\n check This allows one line workaround for old gcloud library that uses\n 308 response without redirect semantics.\n * IMPORTANT cache invalidation change, fix 307 keep method, add 308\n Redirects\n * proxy: username/password as str compatible with pysocks\n * python2: regression in connect() error handling\n * add support for password protected certificate files\n * feature: Http.close() to clean persistent connections and sensitive\n data\n\n - Update to 0.14.0:\n * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError\n\n - version update to 0.13.1 0.13.1\n * Python3: Use no_proxy https://github.com/httplib2/httplib2/pull/140\n 0.13.0\n * Allow setting TLS max/min versions\n https://github.com/httplib2/httplib2/pull/138 0.12.3\n * No changes to library. Distribute py3 wheels. 0.12.1\n * Catch socket timeouts and clear dead connection\n https://github.com/httplib2/httplib2/issues/18\nhttps://github.com/httplib2/httplib2/pull/111\n * Officially support Python 3.7 (package metadata)\n https://github.com/httplib2/httplib2/issues/123 0.12.0\n * Drop support for Python 3.3\n * ca_certs from environment HTTPLIB2_CA_CERTS or certifi\n https://github.com/httplib2/httplib2/pull/117\n * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes\n required https://github.com/httplib2/httplib2/pull/115\n * Revert http:443->https workaround\n https://github.com/httplib2/httplib2/issues/112\n * eliminate connection pool read race\n https://github.com/httplib2/httplib2/pull/110\n * cache: stronger safename\n https://github.com/httplib2/httplib2/pull/101 0.11.3\n * No changes, just reupload of 0.11.2 after fixing automatic release\n conditions in Travis. 
0.11.2\n * proxy: py3 NameError basestring\n https://github.com/httplib2/httplib2/pull/100 0.11.1\n * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info\n https://github.com/httplib2/httplib2/pull/97 0.11.0\n * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5\n https://github.com/httplib2/httplib2/pull/91\n * python3 proxy support https://github.com/httplib2/httplib2/pull/90\n * If no_proxy environment value ends with comma then proxy is not used\n https://github.com/httplib2/httplib2/issues/11\n * fix UnicodeDecodeError using socks5 proxy\n https://github.com/httplib2/httplib2/pull/64\n * Respect NO_PROXY env var in proxy_info_from_url\n https://github.com/httplib2/httplib2/pull/58\n * NO_PROXY=bar was matching foobar (suffix without dot delimiter) New\n behavior matches curl/wget:\n - no_proxy=foo.bar will only skip proxy for exact hostname match\n - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card\n https://github.com/httplib2/httplib2/issues/94\n * Bugfix for Content-Encoding: deflate\n https://stackoverflow.com/a/22311297\n - deleted patches\n - Removing certifi patch: httplib2 started to use certifi and this is\n already bent to use system certificate bundle by another patch\n\n This update was imported from the SUSE:SLE-15:Update update project. 
This\n update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-796=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-26T00:00:00", "type": "suse", "title": "Security update for python-httplib2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-05-26T00:00:00", "id": "OPENSUSE-SU-2021:0796-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BX6XMG6VSE6RQ4LZXDDXUYZZZ2FYOQM7/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-14T12:00:04", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for python-httplib2 fixes the following issues:\n\n - Update to version 0.19.0 (bsc#1182053).\n - 
CVE-2021-21240: Fixed regular expression denial of service via malicious\n header (bsc#1182053).\n - CVE-2020-11078: Fixed unescaped part of uri where an attacker could\n change request headers and body (bsc#1182053).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-1806=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-11T00:00:00", "type": "suse", "title": "Security update for python-httplib2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11078", "CVE-2021-21240"], "modified": "2021-07-11T00:00:00", "id": "OPENSUSE-SU-2021:1806-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DTGWJY2VML3YAAFAOOYJAQP5SZ4X6XWG/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-06-29T08:08:28", "description": "A flaw was found in python-httplib2. 
An attacker controlling an unescaped part of the URI passed to `httplib2.Http.request()` could change the request headers and body and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper urllib building with escaping.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-06-10T13:24:57", "type": "redhatcve", "title": "CVE-2020-11078", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9740", "CVE-2019-9947", "CVE-2020-11078"], "modified": "2022-06-29T05:59:58", "id": "RH:CVE-2020-11078", "href": "https://access.redhat.com/security/cve/cve-2020-11078", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}