Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_53CAF29B918011EDACBEB42E991FC52E.NASL
HistoryJan 12, 2023 - 12:00 a.m.

FreeBSD : cassandra3 -- multiple vulnerabilities (53caf29b-9180-11ed-acbe-b42e991fc52e)

2023-01-1200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 53caf29b-9180-11ed-acbe-b42e991fc52e advisory.

  • Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2684)

  • Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. (CVE-2020-7238)

  • Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one’s own java.io.tmpdir when starting the JVM or use DefaultHttpDataFactory.setBaseDir(…) to set the directory to something that is only readable by the current user. (CVE-2022-24823)

  • The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. (CVE-2022-25857)

  • In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 (CVE-2022-42003)

  • In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2021 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('compat.inc');

if (description)
{
  script_id(169936);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");

  script_cve_id(
    "CVE-2019-2684",
    "CVE-2020-7238",
    "CVE-2022-24823",
    "CVE-2022-25857",
    "CVE-2022-42003",
    "CVE-2022-42004"
  );

  script_name(english:"FreeBSD : cassandra3 -- multiple vulnerabilities (53caf29b-9180-11ed-acbe-b42e991fc52e)");

  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple
vulnerabilities as referenced in the 53caf29b-9180-11ed-acbe-b42e991fc52e advisory.

  - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported
    versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to
    exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
    compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized
    creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible
    data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java
    Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g.,
    code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also
    be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to
    the APIs. (CVE-2019-2684)

  - Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such
    as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because
    of an incomplete fix for CVE-2019-16869. (CVE-2020-7238)

  - Netty is an open-source, asynchronous event-driven network application framework. The package
    `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty's multipart decoders are used local information disclosure can occur via the local system
    temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications
    running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like
    systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory
    between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify
    one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the
    directory to something that is only readable by the current user. (CVE-2022-24823)

  - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due
    missing to nested depth limitation for collections. (CVE-2022-25857)

  - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a
    check in primitive value deserializers to avoid deep wrapper array nesting, when the
    UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1
    (CVE-2022-42003)

  - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in
    BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is
    vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004");
  # https://vuxml.freebsd.org/freebsd/53caf29b-9180-11ed-acbe-b42e991fc52e.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?97cc54c4");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7238");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:cassandra3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FreeBSD Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


var flag = 0;

var packages = [
    'cassandra3<3.11.14'
];

foreach var package( packages ) {
    if (pkg_test(save_report:TRUE, pkg: package)) flag++;
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : pkg_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
freebsdfreebsdcassandra3p-cpe:/a:freebsd:freebsd:cassandra3
freebsdfreebsdcpe:/o:freebsd:freebsd

Related

freebsd 1
redhatcve 7
prion 6
veracode 8
github 3
cve 6
f5 3
debiancve 6
ubuntucve 6
osv 21
ibm 80
nessus 23
gentoo 1
mageia 2
redhat 5
debian 7
ubuntu 2
openvas 2
oraclelinux 1
almalinux 1
rocky 1
cgr 1
amazon 1
atlassian 4
broadcom 1
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
redhatcve
redhatcve
CVE-2020-7238
2022-05-14 11:41:00
CVE-2022-24823
2022-05-17 15:01:10
CVE-2019-16869
2019-10-04 16:20:51
prion
prion
Design/Logic Flaw
2020-01-27 17:15:00
Information disclosure
2022-05-06 12:15:00
Design/Logic Flaw
2019-09-26 16:15:00
veracode
veracode
HTTP Request Smuggling
2020-01-31 00:35:33
Information Disclosure
2022-05-09 05:01:24
HTTP Request Smuggling
2019-09-27 08:45:44
github
github
HTTP Request Smuggling in Netty
2020-02-21 18:55:50
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
2022-05-10 08:46:50
HTTP Request Smuggling in Netty
2019-10-11 18:41:23
cve
cve
CVE-2020-7238
2020-01-27 17:15:00
CVE-2022-24823
2022-05-06 12:15:00
CVE-2019-16869
2019-09-26 16:15:00
f5
f5
K75555129 : Netty vulnerabilities CVE-2019-16869 and CVE-2020-7238
2020-07-13 00:00:00
K11175903 : Oracle Java SE vulnerability CVE-2019-2684
2020-01-07 00:00:00
K000132725 : FasterXML vulnerability CVE-2022-42004
2023-03-22 00:00:00
debiancve
debiancve
CVE-2020-7238
2020-01-27 17:15:00
CVE-2022-24823
2022-05-06 12:15:00
CVE-2019-16869
2019-09-26 16:15:00
ubuntucve
ubuntucve
CVE-2020-7238
2020-01-27 00:00:00
CVE-2022-24823
2022-05-06 00:00:00
CVE-2019-16869
2019-09-26 00:00:00
osv
osv
CVE-2021-21290
2021-02-08 20:15:12
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
2022-05-10 08:46:50
CVE-2022-24823
2022-05-06 12:15:08
ibm
ibm
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2023-06-22 18:28:22
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
2023-05-02 21:10:24
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2022-12-14 01:45:31
nessus
nessus
SUSE SLED15 / SLES15 Security Update : jackson-databind (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
Debian DSA-5283-1 : jackson-databind - security update
2022-11-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
Updated netty packages fix a security vulnerability
2021-03-15 00:20:42
redhat
redhat
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2022:8876) Moderate: Red Hat AMQ Broker 7.10.2 release and security update
2022-12-07 08:18:33
(RHSA-2022:0190) Moderate: Satellite 6.10.2 Async Bug Fix Update
2022-01-19 14:32:50
debian
debian
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DLA 2364-1] netty security update
2020-09-04 18:39:54
ubuntu
ubuntu
Netty vulnerabilities
2020-10-22 00:00:00
Netty vulnerabilities
2020-10-27 00:00:00
openvas
openvas
Debian LTS: Security Advisory for netty (DLA-1941-1)
2019-10-01 00:00:00
Debian Security Advisory DSA 4597-1 (netty - security update)
2020-01-04 00:00:00
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00
almalinux
almalinux
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
rocky
rocky
prometheus-jmx-exporter security update
2022-10-06 07:13:19
cgr
cgr
CVE-2022-24823 vulnerabilities
2024-04-19 09:08:06
amazon
amazon
Important: snakeyaml
2023-03-02 22:35:00
atlassian
atlassian
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26
FasterXML Vulnerability in Bamboo Data Center and Server
2023-10-06 17:45:23
FasterXML Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:38
broadcom
broadcom
CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur
2023-05-03 00:00:00
JSON
Related for FREEBSD_PKG_53CAF29B918011EDACBEB42E991FC52E.NASL
freebsd1redhatcve7prion6veracode8github3cve6f53debiancve6ubuntucve6osv21ibm80nessus23gentoo1mageia2redhat5debian7ubuntu2openvas2oraclelinux1almalinux1rocky1cgr1amazon1atlassian4broadcom1