Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2022-52DEC6351A.NASL
HistoryDec 22, 2022 - 12:00 a.m.

Fedora 36 : 1:nodejs (2022-52dec6351a)

2022-12-2200:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-52dec6351a advisory.

  • A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.16.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. (CVE-2022-32212)

  • The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). (CVE-2022-32213)

  • The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
    (CVE-2022-32215)

  • A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. (CVE-2022-35255)

  • The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. (CVE-2022-35256)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2022-52dec6351a
#

include('compat.inc');

if (description)
{
  script_id(169044);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/12");

  script_cve_id(
    "CVE-2022-32212",
    "CVE-2022-32213",
    "CVE-2022-32215",
    "CVE-2022-35255",
    "CVE-2022-35256"
  );
  script_xref(name:"FEDORA", value:"2022-52dec6351a");

  script_name(english:"Fedora 36 : 1:nodejs (2022-52dec6351a)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2022-52dec6351a advisory.

  - A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.16.0, <18.5.0 due to an
    insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check
    if an IP address is invalid before making DBS requests allowing rebinding attacks. (CVE-2022-32212)

  - The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse
    and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). (CVE-2022-32213)

  - The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly
    handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
    (CVE-2022-32215)

  - A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with
    EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems
    with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can
    (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically
    strong and therefore not suitable as keying material. (CVE-2022-35255)

  - The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not
    terminated with CLRF. This may result in HTTP Request Smuggling. (CVE-2022-35256)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2022-52dec6351a");
  script_set_attribute(attribute:"solution", value:
"Update the affected 1:nodejs package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-35255");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:36");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nodejs");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^36([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'nodejs-16.18.1-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, '1:nodejs');
}
VendorProductVersionCPE
fedoraprojectfedora36cpe:/o:fedoraproject:fedora:36
fedoraprojectfedoranodejsp-cpe:/a:fedoraproject:fedora:nodejs

Related

openvas 32
fedora 3
nessus 52
suse 10
altlinux 1
debian 1
nodejsblog 2
osv 17
mageia 2
ibm 25
ubuntu 1
oraclelinux 5
almalinux 4
photon 2
rocky 5
redhat 7
ics 1
freebsd 1
prion 3
cve 3
debiancve 3
hackerone 5
veracode 3
ubuntucve 2
redhatcve 3
alpinelinux 2
f5 2
cbl_mariner 2
openvas
openvas
Fedora: Security Advisory for nodejs (FEDORA-2022-de515f765f)
2022-11-29 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2022-1667f7b60a)
2022-11-29 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2022-52dec6351a)
2022-11-29 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: nodejs-18.12.1-1.fc37
2022-11-29 01:13:36
[SECURITY] Fedora 36 Update: nodejs-16.18.1-1.fc36
2022-11-29 01:28:04
[SECURITY] Fedora 35 Update: nodejs-16.18.1-1.fc35
2022-11-29 00:57:02
nessus
nessus
Fedora 35 : 1:nodejs (2022-de515f765f)
2022-12-23 00:00:00
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3524-1)
2022-10-06 00:00:00
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3615-1)
2022-10-19 00:00:00
suse
suse
Security update for nodejs16 (important)
2022-10-19 00:00:00
Security update for nodejs16 (important)
2022-10-18 00:00:00
Security update for nodejs12 (important)
2022-07-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.17.1-alt1
2022-09-30 00:00:00
debian
debian
[SECURITY] [DSA 5326-1] nodejs security update
2023-01-24 20:01:20
nodejsblog
nodejsblog
September 23rd 2022 Security Releases
2022-09-15 00:00:00
July 7th 2022 Security Releases
2022-07-07 00:00:00
osv
osv
nodejs - security update
2023-01-24 00:00:00
nodejs vulnerabilities
2023-11-21 09:15:47
Important: nodejs:18 security update
2022-11-08 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2022-10-01 20:48:24
Updated nodejs packages fix security vulnerability
2022-08-26 00:21:07
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
2022-11-30 10:21:01
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow
2022-11-02 09:54:34
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities due to its use of NodeJS
2023-02-01 11:01:11
ubuntu
ubuntu
Node.js vulnerabilities
2023-11-21 00:00:00
oraclelinux
oraclelinux
nodejs:18 security update
2022-11-15 00:00:00
nodejs:16 security update
2022-10-18 00:00:00
nodejs security update
2022-10-17 00:00:00
almalinux
almalinux
Important: nodejs security update
2022-10-18 00:00:00
Important: nodejs:18 security update
2022-11-08 00:00:00
Important: nodejs:16 security update
2022-10-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0426
2022-07-26 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0426
2022-07-26 00:00:00
rocky
rocky
nodejs:18 security update
2022-11-08 10:51:14
nodejs:16 security update
2022-10-17 07:00:47
nodejs security update
2022-10-17 07:00:44
redhat
redhat
(RHSA-2022:7821) Important: nodejs:18 security update
2022-11-08 10:51:14
(RHSA-2022:6964) Important: nodejs:16 security update
2022-10-17 07:00:47
(RHSA-2022:6963) Important: nodejs security update
2022-10-17 07:00:44
ics
ics
Siemens SINEC INS
2023-01-17 12:00:00
freebsd
freebsd
Node.js -- July 7th 2022 Security Releases
2022-07-05 00:00:00
prion
prion
Code injection
2022-12-05 22:15:00
Design/Logic Flaw
2022-12-05 22:15:00
Design/Logic Flaw
2022-07-14 15:15:00
cve
cve
CVE-2022-35255
2022-12-05 22:15:00
CVE-2022-35256
2022-12-05 22:15:00
CVE-2022-32215
2022-07-14 15:15:00
debiancve
debiancve
CVE-2022-35255
2022-12-05 22:15:00
CVE-2022-35256
2022-12-05 22:15:00
CVE-2022-32215
2022-07-14 15:15:00
hackerone
hackerone
Internet Bug Bounty: Use of Cryptographically Weak Pseudo-Random Number Generator in WebCrypto keygen
2023-02-28 07:06:10
Node.js: Weak randomness in WebCrypto keygen
2022-09-02 19:03:49
Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
2022-08-20 03:13:30
veracode
veracode
Weak Cryptography
2022-09-27 22:47:18
HTTP Request Smuggling
2022-09-27 22:47:16
HTTP Request Smuggling
2022-07-08 08:18:07
ubuntucve
ubuntucve
CVE-2022-35255
2022-12-05 00:00:00
CVE-2022-35256
2022-12-05 00:00:00
redhatcve
redhatcve
CVE-2022-35255
2022-09-28 13:49:07
CVE-2022-35256
2022-09-28 13:49:17
CVE-2022-32215
2022-07-08 19:17:45
alpinelinux
alpinelinux
CVE-2022-35255
2022-12-05 22:15:00
CVE-2022-35256
2022-12-05 22:15:00
f5
f5
K17011311 : NodeJS vulnerability CVE-2022-35256
2022-12-09 00:00:00
NodeJS vulnerability CVE-2022-32215
2022-11-22 17:02:00
cbl_mariner
cbl_mariner
CVE-2022-35256 affecting package nodejs 14.20.1-2
2022-12-27 17:55:50
CVE-2022-32215 affecting package nodejs 14.18.3-1
2022-08-12 16:45:11
JSON
Related for FEDORA_2022-52DEC6351A.NASL
openvas32fedora3nessus52suse10altlinux1debian1nodejsblog2osv17mageia2ibm25ubuntu1oraclelinux5almalinux4photon2rocky5redhat7ics1freebsd1prion3cve3debiancve3hackerone5veracode3ubuntucve2redhatcve3alpinelinux2f52cbl_mariner2