Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-CF8EF2F333.NASLHistorySep 01, 2020 - 12:00 a.m.
Fedora 32 : 1:ecj / 1:eclipse / 1:eclipse-emf / 2:eclipse-cdt / batik / etc (2020-cf8ef2f333)
2020-09-0100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
8.9 High
AI Score
Confidence
High
Updates to the latest upstream release of Eclipse. See the upstream release notes for details:
https://www.eclipse.org/eclipseide/2020-06/noteworthy/
Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-cf8ef2f333.
#
include('compat.inc');
if (description)
{
script_id(140107);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/22");
script_cve_id("CVE-2019-17566", "CVE-2019-17638");
script_xref(name:"FEDORA", value:"2020-cf8ef2f333");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_name(english:"Fedora 32 : 1:ecj / 1:eclipse / 1:eclipse-emf / 2:eclipse-cdt / batik / etc (2020-cf8ef2f333)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Updates to the latest upstream release of Eclipse. See the upstream
release notes for details:
https://www.eclipse.org/eclipseide/2020-06/noteworthy/
Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-cf8ef2f333");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17638");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/09");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:ecj");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:eclipse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:eclipse-emf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:eclipse-cdt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:batik");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-ecf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-gef");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-m2e-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-mpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-mylyn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-remote");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:eclipse-webtools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:jetty");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lucene");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:univocity-parsers");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC32", reference:"ecj-4.16-4.fc32", epoch:"1")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-4.16-11.fc32", epoch:"1")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-emf-2.22.0-2.fc32", epoch:"1")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-cdt-9.11.1-8.fc32", epoch:"2")) flag++;
if (rpm_check(release:"FC32", reference:"batik-1.13-1.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-ecf-3.14.8-4.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-gef-3.11.0-13.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-m2e-core-1.16.1-1.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-mpc-1.8.3-2.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-mylyn-3.25.0-3.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-remote-3.0.1-6.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"eclipse-webtools-3.18.0-4.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"jetty-9.4.31-2.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"lucene-8.4.1-9.fc32")) flag++;
if (rpm_check(release:"FC32", reference:"univocity-parsers-2.8.4-5.fc32")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:ecj / 1:eclipse / 1:eclipse-emf / 2:eclipse-cdt / batik / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 1 | p-cpe:/a:fedoraproject:fedora:1:ecj |
| fedoraproject | fedora | 1 | p-cpe:/a:fedoraproject:fedora:1:eclipse |
| fedoraproject | fedora | 1 | p-cpe:/a:fedoraproject:fedora:1:eclipse-emf |
| fedoraproject | fedora | 2 | p-cpe:/a:fedoraproject:fedora:2:eclipse-cdt |
| fedoraproject | fedora | batik | p-cpe:/a:fedoraproject:fedora:batik |
| fedoraproject | fedora | eclipse-ecf | p-cpe:/a:fedoraproject:fedora:eclipse-ecf |
| fedoraproject | fedora | eclipse-gef | p-cpe:/a:fedoraproject:fedora:eclipse-gef |
| fedoraproject | fedora | eclipse-m2e-core | p-cpe:/a:fedoraproject:fedora:eclipse-m2e-core |
| fedoraproject | fedora | eclipse-mpc | p-cpe:/a:fedoraproject:fedora:eclipse-mpc |
| fedoraproject | fedora | eclipse-mylyn | p-cpe:/a:fedoraproject:fedora:eclipse-mylyn |
Related
fedora
fedora
[SECURITY] Fedora 32 Update: eclipse-m2e-core-1.16.1-1.fc32
2020-08-31 15:50:29
[SECURITY] Fedora 32 Update: ecj-4.16-4.fc32
2020-08-31 15:50:28
[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32
2020-08-31 15:50:28
openvas
openvas
Fedora: Security Advisory for eclipse (FEDORA-2020-cf8ef2f333)
2020-09-02 00:00:00
Fedora: Security Advisory for eclipse-cdt (FEDORA-2020-cf8ef2f333)
2020-09-02 00:00:00
Fedora: Security Advisory for ecj (FEDORA-2020-cf8ef2f333)
2020-09-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Jenkins Jetty Buffer Overflow (CVE-2019-17638)
2020-08-25 00:00:00
prion
prion
Design/Logic Flaw
2020-07-09 18:15:00
Server side request forgery (ssrf)
2020-11-12 18:15:00
osv
osv
Operation on a Resource after Expiration or Release in Jetty Server
2020-08-05 14:52:59
CVE-2019-17638
2020-07-09 18:15:10
CVE-2019-17566
2020-11-12 18:15:12
veracode
veracode
Information Disclosure
2020-07-13 06:03:25
Server-side Request Forgery (SSRF)
2020-06-16 09:19:33
thn
thn
Critical Jenkins Server Vulnerability Could Leak Sensitive Information
2020-08-18 09:55:00
githubexploit
githubexploit
ibm
ibm
freebsd
freebsd
jenkins -- Buffer corruption in bundled Jetty
2020-08-17 00:00:00
cve
cve
CVE-2019-17638
2020-07-09 18:15:00
CVE-2019-17566
2020-11-12 18:15:00
nessus
nessus
FreeBSD : jenkins -- Buffer corruption in bundled Jetty (09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8)
2020-08-18 00:00:00
Jenkins < 2.235.5 LTS / 2.243 Information Disclosure Vulnerability
2020-08-21 00:00:00
openSUSE Security Update : xmlgraphics-batik (openSUSE-2020-851)
2020-07-20 00:00:00
redhatcve
redhatcve
CVE-2019-17638
2020-08-03 20:14:33
CVE-2019-17566
2020-06-18 15:55:19
ubuntucve
ubuntucve
CVE-2019-17638
2020-07-09 00:00:00
CVE-2019-17566
2020-11-12 00:00:00
debiancve
debiancve
CVE-2019-17638
2020-07-09 18:15:00
CVE-2019-17566
2020-11-12 18:15:00
github
github
Operation on a Resource after Expiration or Release in Jetty Server
2020-08-05 14:52:59
Server-side request forgery (SSRF) in Apache Batik
2022-02-09 00:46:46
suse
suse
Security update for xmlgraphics-batik (moderate)
2020-06-23 00:00:00
Security update for xmlgraphics-batik (moderate)
2020-07-23 00:00:00
mageia
mageia
Updated batik packages fix security vulnerabilities
2021-04-02 23:25:05
rosalinux
rosalinux
Advisory ROSA-SA-2023-2239
2023-10-10 08:57:57
redhat
redhat
ubuntu
ubuntu
Apache Batik vulnerabilities
2023-05-30 00:00:00
gentoo
gentoo
Apache Batik: Multiple Vulnerabilities
2024-01-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00