Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.JUNIPER_SPACE_JSA10627.NASL
HistoryDec 22, 2014 - 12:00 a.m.

Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)

2014-12-2200:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
43
JSON

According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by multiple vulnerabilities in bundled third party software components :

  • Multiple vulnerabilities in RedHat JBoss application server. (CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-5245, CVE-2012-0818)

  • Multiple vulnerabilities in Oracle Java SE JDK.
    (CVE-2012-3143, CVE-2013-1537, CVE-2013-1557, CVE-2013-2422)

  • Multiple vulnerabilities in Oracle MySQL server.
    (CVE-2013-1502, CVE-2013-1511, CVE-2013-1532, CVE-2013-1544, CVE-2013-2375, CVE-2013-2376, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794, CVE-2013-3801, CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3808, CVE-2013-3809, CVE-2013-3812, CVE-2013-3839)

  • Multiple vulnerabilities in Apache HTTP Server.
    (CVE-2013-1862, CVE-2013-1896)

  • Known hard-coded MySQL credentials. (CVE-2014-3413)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(80195);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id(
    "CVE-2010-0738",
    "CVE-2010-1428",
    "CVE-2010-1429",
    "CVE-2011-5245",
    "CVE-2012-0818",
    "CVE-2012-3143",
    "CVE-2013-1502",
    "CVE-2013-1511",
    "CVE-2013-1532",
    "CVE-2013-1537",
    "CVE-2013-1544",
    "CVE-2013-1557",
    "CVE-2013-1862",
    "CVE-2013-1896",
    "CVE-2013-2375",
    "CVE-2013-2376",
    "CVE-2013-2389",
    "CVE-2013-2391",
    "CVE-2013-2392",
    "CVE-2013-2422",
    "CVE-2013-3783",
    "CVE-2013-3793",
    "CVE-2013-3794",
    "CVE-2013-3801",
    "CVE-2013-3802",
    "CVE-2013-3804",
    "CVE-2013-3805",
    "CVE-2013-3808",
    "CVE-2013-3809",
    "CVE-2013-3812",
    "CVE-2013-3839",
    "CVE-2014-3413"
  );
  script_bugtraq_id(
    39710,
    51748,
    51766,
    56055,
    59170,
    59194,
    59201,
    59207,
    59209,
    59211,
    59224,
    59227,
    59228,
    59229,
    59239,
    59242,
    59826,
    61129,
    61210,
    61222,
    61227,
    61244,
    61249,
    61256,
    61260,
    61264,
    61269,
    61272,
    63109
  );
  script_xref(name:"TRA", value:"TRA-2014-01");
  script_xref(name:"EDB-ID", value:"17924");
  script_xref(name:"EDB-ID", value:"16274");
  script_xref(name:"EDB-ID", value:"16319");
  script_xref(name:"EDB-ID", value:"16316");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos Space
version is prior to 13.3R1.8. It is, therefore, affected by multiple
vulnerabilities in bundled third party software components :

  - Multiple vulnerabilities in RedHat JBoss application
    server. (CVE-2010-0738, CVE-2010-1428, CVE-2010-1429,
    CVE-2011-5245, CVE-2012-0818)

  - Multiple vulnerabilities in Oracle Java SE JDK.
    (CVE-2012-3143, CVE-2013-1537, CVE-2013-1557,
    CVE-2013-2422)

  - Multiple vulnerabilities in Oracle MySQL server.
    (CVE-2013-1502, CVE-2013-1511, CVE-2013-1532,
    CVE-2013-1544, CVE-2013-2375, CVE-2013-2376,
    CVE-2013-2389, CVE-2013-2391, CVE-2013-2392,
    CVE-2013-3783, CVE-2013-3793, CVE-2013-3794,
    CVE-2013-3801, CVE-2013-3802, CVE-2013-3804,
    CVE-2013-3805, CVE-2013-3808, CVE-2013-3809,
    CVE-2013-3812, CVE-2013-3839)

  - Multiple vulnerabilities in Apache HTTP Server.
    (CVE-2013-1862, CVE-2013-1896)

  - Known hard-coded MySQL credentials. (CVE-2014-3413)");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2014-01");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Junos Space 13.3R1.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3413");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'JBoss JMX Console Deployer Upload and Execute');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-12-132");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_space");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Junos_Space/version");

  exit(0);
}

include("junos.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit('Host/Junos_Space/version');

check_junos_space(ver:ver, fix:'13.3R1.8', severity:SECURITY_HOLE);
VendorProductVersionCPE
juniperjunos_spacecpe:/a:juniper:junos_space

References

Related

nessus 43
openvas 37
debian 3
ubuntu 4
suse 2
seebug 5
redhat 8
prion 15
cve 15
github 1
osv 2
veracode 14
centos 1
kaspersky 1
freebsd 1
amazon 2
oraclelinux 2
securityvulns 5
gentoo 1
ubuntucve 8
saint 4
cisa_kev 1
mariadbunix 8
attackerkb 2
packetstorm 3
zdt 1
exploitdb 1
canvas 1
threatpost 2
metasploit 1
checkpoint_advisories 2
f5 1
mageia 1
httpd 1
nessus
nessus
MariaDB 10.0.0 < 10.0.3 Multiple Vulnerabilities
2022-11-18 00:00:00
MariaDB 5.5.0 < 5.5.31 Multiple Vulnerabilities
2022-11-18 00:00:00
Debian DSA-2667-1 : mysql-5.5 - several vulnerabilities
2013-05-13 00:00:00
openvas
openvas
Debian Security Advisory DSA 2667-1 (mysql-5.5 - several vulnerabilities)
2013-05-12 00:00:00
Debian Security Advisory DSA 2667-1 (mysql-5.5 - several vulnerabilities)
2013-05-12 00:00:00
MySQL Multiple Unspecified Vulnerabilities - 01
2013-04-22 00:00:00
debian
debian
[SECURITY] [DSA 2667-1] mysql-5.5 security update
2013-05-12 19:35:40
[SECURITY] [DSA 2818-1] mysql-5.5 security update
2013-12-16 15:57:29
[SECURITY] [DSA 2818-1] mysql-5.5 security update
2013-12-16 15:57:29
ubuntu
ubuntu
MySQL vulnerabilities
2013-07-25 00:00:00
Apache HTTP Server vulnerabilities
2013-07-15 00:00:00
MySQL vulnerabilities
2013-04-25 00:00:00
suse
suse
Security update for MySQL (important)
2013-08-30 00:04:13
Security update for mysql, mysql-client (important)
2013-10-07 22:04:14
seebug
seebug
JBoss企业应用平台多个非授权访问漏洞
2010-04-29 00:00:00
JBoss JMX Console Beanshell Deployer WAR upload and deployment
2014-07-01 00:00:00
JBoss addURL Misconfiguration Attack
2011-10-05 00:00:00
redhat
redhat
(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update
2010-04-27 00:00:00
(RHSA-2012:1056) Moderate: resteasy security update
2012-07-05 19:17:51
(RHSA-2012:1059) Moderate: resteasy security update
2012-07-05 00:00:00
prion
prion
Xxe
2012-11-23 20:55:00
Hardcoded credentials
2018-04-05 17:29:00
Design/Logic Flaw
2013-07-17 13:41:00
cve
cve
CVE-2011-5245
2012-11-23 20:55:00
CVE-2013-3793
2013-07-17 13:41:00
CVE-2014-3413
2018-04-05 17:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
veracode
veracode
Authentication Bypass
2019-05-02 04:44:50
Improper Access Control
2019-05-02 04:44:48
Improper Access Control
2019-05-02 04:44:49
centos
centos
mysql security update
2013-04-25 20:16:01
kaspersky
kaspersky
KLA10068 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
freebsd
freebsd
apache22 -- several vulnerabilities
2013-06-21 00:00:00
amazon
amazon
Important: mysql51
2013-04-25 20:40:00
Important: mysql55
2013-04-25 20:40:00
oraclelinux
oraclelinux
mysql security update
2013-04-25 00:00:00
httpd security update
2013-08-13 00:00:00
securityvulns
securityvulns
Business Availability Center / Business Service Management information leakage
2012-01-21 00:00:00
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center &#40;BAC&#41; and Business Service Management &#40;BSM&#41;, Remote Unauthorized Access to Sensitive Information
2012-01-21 00:00:00
Apache security vulnerabilities
2013-07-15 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2013-09-23 00:00:00
ubuntucve
ubuntucve
CVE-2013-3783
2013-07-17 00:00:00
CVE-2013-3793
2013-07-17 00:00:00
CVE-2013-2391
2013-04-17 00:00:00
saint
saint
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
cisa_kev
cisa_kev
Red Hat JBoss Authentication Bypass Vulnerability
2022-05-25 00:00:00
mariadbunix
mariadbunix
CVE-2013-3783
2013-07-17 13:41:00
CVE-2013-3794
2013-07-17 13:41:00
CVE-2013-3793
2013-07-17 13:41:00
attackerkb
attackerkb
CVE-2010-0738
2010-04-28 00:00:00
CVE-2010-1428
2010-04-28 00:00:00
packetstorm
packetstorm
JBoss addURL Misconfiguration Attack
2011-10-03 00:00:00
JBoss 4.2.x / 4.3.x Information Disclosure
2018-02-09 00:00:00
JBoss JMX Console Beanshell Deployer WAR Upload And Deployment
2010-06-24 00:00:00
zdt
zdt
JBoss 4.2.x/4.3.x - Information Disclosure Exploit
2018-02-10 00:00:00
exploitdb
exploitdb
JBoss 4.2.x/4.3.x - Information Disclosure
2018-02-10 00:00:00
canvas
canvas
Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER
2010-04-28 22:30:00
threatpost
threatpost
JBoss Worm Exploiting Old Bug to Infect Unpatched Servers
2011-10-21 11:50:17
3.2 Million Servers Vulnerable to JBoss Attack
2016-04-18 14:11:34
metasploit
metasploit
JBoss JMX Console Deployer Upload and Execute
2012-07-10 17:33:28
checkpoint_advisories
checkpoint_advisories
RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)
2010-06-29 00:00:00
Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)
2014-12-28 00:00:00
f5
f5
SOL14733 - Apache HTTP server vulnerability CVE-2013-1896
2013-10-04 00:00:00
mageia
mageia
Updated apache packages fix CVE-2013-1896
2013-07-26 15:34:30
httpd
httpd
Apache Httpd < 2.2.25 : mod_dav crash
2013-03-07 00:00:00
JSON
Related for JUNIPER_SPACE_JSA10627.NASL
nessus43openvas37debian3ubuntu4suse2seebug5redhat8prion15cve15github1osv2veracode14centos1kaspersky1freebsd1amazon2oraclelinux2securityvulns5gentoo1ubuntucve8saint4cisa_kev1mariadbunix8attackerkb2packetstorm3zdt1exploitdb1canvas1threatpost2metasploit1checkpoint_advisories2f51mageia1httpd1