DATABASE RESOURCES PRICING ABOUT US

{"id": "NUTANIX_NXSA-AOS-5_16_1_1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.1)", "description": "The version of AOS installed on the remote host is prior to 5.16.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.1 advisory.\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2019-13734)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2019-14816)\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS;\n however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.\n (CVE-2019-18634)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2590)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2601)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2604)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2020-2654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-09-01T00:00:00", "modified": "2023-02-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/164606", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2659", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133", "http://www.nessus.org/u?bb6896fc", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14898", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2583", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601"], "cvelist": ["CVE-2019-11599", "CVE-2019-13734", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133", "CVE-2019-18634", "CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "immutableFields": [], "lastseen": "2023-02-26T16:59:23", "viewCount": 18, "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["JAVA_APR2020_ADVISORY.ASC", "JAVA_JAN2020_ADVISORY.ASC", "JAVA_JULY2020_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2019-1232", "ALAS-2020-1345", "ALAS-2020-1354", "ALAS-2020-1356", "ALAS2-2019-1232", "ALAS2-2020-1387", "ALAS2-2020-1394", "ALAS2-2020-1396", "ALAS2-2020-1403", "ALAS2-2020-1404"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-03-01", "ANDROID:2020-09-01", "ANDROID:ANDROID-11"]}, {"type": "apple", "idList": ["APPLE:57687011D0766424B56EB268957F8A8B", "APPLE:HT210919"]}, {"type": "archlinux", "idList": ["ASA-202002-2"]}, {"type": "attackerkb", "idList": ["AKB:4FC938DA-8785-4C40-B075-10CB6394CD91"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2020:0122", "CESA-2020:0157", "CESA-2020:0196", "CESA-2020:0227", "CESA-2020:0374", "CESA-2020:0375", "CESA-2020:0540", "CESA-2020:0541", "CESA-2020:0632", "CESA-2020:0726", "CESA-2020:0790"]}, {"type": "chrome", "idList": ["GCSA-3475418297324307253"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:3CD9371F7B812821D289B3B89526722F", "CFOUNDRY:4EF44EDC35D1E22AB90D85E4ED1E4E55", "CFOUNDRY:7D5F114602BB1B4781BFC57065F20675", "CFOUNDRY:7D6795462AFD47DE31FD5B40467B68C4", "CFOUNDRY:80ADC4D2DAC039EB92288FD623A42C24", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:AA356DA8CD5E3C69DBEE45AEF6C8C74F", "CFOUNDRY:BD71AB043932448695E8B3D20302D582"]}, {"type": "cve", "idList": ["CVE-2019-11599", "CVE-2019-13734", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133", "CVE-2019-18634", "CVE-2019-3892", "CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1799-1:F9D71", "DEBIAN:DLA-1799-2:074DF", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1930-1:DFCDE", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2094-1:F2737", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DLA-2128-1:493E1", "DEBIAN:DLA-2128-1:E0A22", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4465-1:DDE47", "DEBIAN:DSA-4605-1:EA4B2", "DEBIAN:DSA-4606-1:01C21", "DEBIAN:DSA-4606-1:D7F34", "DEBIAN:DSA-4614-1:25A3A", "DEBIAN:DSA-4614-1:4BB88", "DEBIAN:DSA-4621-1:E16D0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-11599", "DEBIANCVE:CVE-2019-13734", "DEBIANCVE:CVE-2019-14816", "DEBIANCVE:CVE-2019-14895", "DEBIANCVE:CVE-2019-14898", "DEBIANCVE:CVE-2019-14901", "DEBIANCVE:CVE-2019-17133", "DEBIANCVE:CVE-2019-18634", "DEBIANCVE:CVE-2020-2583", "DEBIANCVE:CVE-2020-2590", "DEBIANCVE:CVE-2020-2593", "DEBIANCVE:CVE-2020-2601", "DEBIANCVE:CVE-2020-2604", "DEBIANCVE:CVE-2020-2654", "DEBIANCVE:CVE-2020-2659"]}, {"type": "exploitdb", "idList": ["EDB-ID:47995"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:85F0996F33708A916D6E6939F32D550F"]}, {"type": "f5", "idList": ["F5:K04043655", "F5:K19533600", "F5:K47227224", "F5:K50315101", "F5:K51674118", "F5:K54811521", "F5:K62103028", "F5:K91327225", "F5:K95453343"]}, {"type": "fedora", "idList": ["FEDORA:04868606351B", "FEDORA:0552760DDBA6", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:344346042F3E", "FEDORA:371E06040B12", "FEDORA:3972A60A351B", "FEDORA:4002B609954A", "FEDORA:4CEF5610D7CA", "FEDORA:511A7608E6E1", "FEDORA:5180160A98F9", "FEDORA:51B856067EB8", "FEDORA:58B4460D22EC", "FEDORA:59E3F606D998", "FEDORA:5BC786077CC2", "FEDORA:6014560A35D1", "FEDORA:628EB603ECD0", "FEDORA:754F860A98ED", "FEDORA:803AE30C6416", "FEDORA:804E860A98ED", "FEDORA:9471A606D8C2", "FEDORA:94BC060A4ECF", "FEDORA:9801060D30FA", "FEDORA:BF5EC607125E", "FEDORA:C1EA6603ECEC", "FEDORA:C4D496071279", "FEDORA:C63656040AE1", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:E26056094E46", "FEDORA:EC9F26076D31"]}, {"type": "freebsd", "idList": ["B4E5F782-442D-11EA-9BA9-206A8A720317"]}, {"type": "gentoo", "idList": ["GLSA-202003-08", "GLSA-202003-12", "GLSA-202101-19"]}, {"type": "githubexploit", "idList": ["2E525E69-5A49-5E2F-B76F-9E06715E441F", "AAF3DEB1-88BD-5176-9483-A456AAFE612E", "AB347EAD-65B1-562A-8FD9-80E8A574DF1F", "D3CFD896-44D6-534E-BA71-ADD62B7E2B36", "D4B7C259-1ACA-548E-8810-DEC22C1460CD", "D520E95F-5547-5CF2-9DD1-D57A74CFEE87", "E698DD70-D921-5E9F-9509-5FEDAEFCF8F1"]}, {"type": "ibm", "idList": ["017704F263DE498C81E38DCD35C1B649CAC8F2B6DA67887C1DC1F132F6BB1B85", "02372BB95E80FEBB3F4C0EDDB60D767813459FF5F1AA49CA993E9AF801012934", "038FC6FC32ADA76051B86D8EC9A28BCB8180BA43C6D4FE4B024AAB068E75C977", "0444E52FAB9025773782E5354A2FB187FF6E7E569F4F47BA159D2326A0D1F77E", "049759B1D5421ABE3E83A71D032E850BC0F5FD7B89FF7113E36CC5FC4AD7ACBD", "05FA7A6FECA57F2CDC18AA8601FFE769F365C89CA7A8A4A64C71821B699FCBCE", "08382CF5553CB60BBAC21C338E155F745267EB1822043DBC4403188C9FB0BBB6", "09B467A690A375FEDE58982F66B115C3C14F7CA2BBD41FF09935D70B60A8DE19", "0AF44030170DD5D957DFDF43A4F1F6D53BF74A36302A9511410AF5585710B3E1", "0B09741FE06E2E625FB963A5453D96B370F6DAD3A083406E8DC077D44E61E93F", "0B514A4D985C804E9D871718A449B020E5562B0C9B2D2EEC8954ED21993BE345", "0B5B5926FEA915F4A87817295F9680EE2CD489066C2233DBD1DE9415F3256752", "0D52379972AC05F5FC604E8E8D08771C518A83622281FBBCB1618B17559FBE16", "0EA5DDF7D8ED330966222EC13380158E6377EB3E625758DBCE9B763B67A0B659", "0EC3EB1A4765F9C940914A7C89057639E72383731BE6502A92F0F01A42D0CB76", "0FC7CED4B78FA51F433FBF3BAC439FB6F67980E97861DB61D5E227DA0D8C5CFF", "0FDDE6A08B461D29C2AE5E7667527E75DE2ADD7BD595A38370A51E3EB55E24EF", "10133ED41E7996603598BE958B25E473B502094237506616CFD35BF178C04ABD", "126B68DF7D94FF4A271BD328B84B0F650FD1FEDE6DF7EA0D1451383DA938C9AB", "1292286F29372CD8F681A7B073DE92BE1736555827B7FF4E4ACCDF53A7880964", "14CE1C0F0672808C0E65E21F3A2B51E9E6A07DE08545CA9662A13423765AA94B", "151664D44B7940A78C0F29EC88272FD346BD06DCBAFEA5C9CAD32616E0EB8352", "153E6A7F45307CFCCB059FF4B2B47706B9B7537249313FCA40E45F238F62CC08", "157962F9B3DB294165DFF14635E6089F37B7870F261E4208696A5FE06EE6F43C", "161108AA134D79208CDC97DC8C1767C247F27AFB996662C016C5FFA947B51754", "186A812EC8BE685A06A82835F2DB07583B9993F84BEE52B1FF4EC449933BE498", "188E2EFC9960F668714D843E317115DF913F18A2FDCE258D3CD5B68DC806D78A", "18D984242422866F95B81DD465CAB967B26797D13E68A166EDB40E265805B71C", "192CDA805E5F87481C341E0BFE5C832FE604B0303D069C5C770E80C302FE7C8A", "1A72C91F6CA7EEB9FAAA834618698CCB61EEC973896F1BBF5482067FC7922767", "1AF10453648DF6E50FD13383CAC3354F1BE62A0DBDCD7504B40FFEBA471BA53F", "1D527A951F660BFCA1836671A2A328C87E8B448B01A672269419352520CFA6F1", "1F00311C133EFB9C8719841CB187257E5256EFA863E515FEA28336292A7471C0", "204ADCCC258487D6D5F8C848C95DAB38413055F4AFD05DFCF56FD7435CBF7C69", "209015250B80439611FDB1F1A2369A99A49321230511D7CABA730B14E74555E6", "22DFDD1FF1BBF70D9C813ACA916818103631328A11AEED7718476AD8FD37F722", "2357DB8297BEA926D301BE9958B5D9840454C354F7418394A6CE21491EFB28D2", "2372DC3D7CE5EB7343AB1B7F8117E7D7973FD8B0B4C7F48EC72F7DAA7722441A", "23BEE634200B9E4FA6BA5050B092CB2E8A6676B9A96B4091423D6C937390F9F2", "240EC331B4740D6B70360359CAB6A8BD3720C206F1640F720CD7C8DDE996ABD3", "2440C30E614FCEFD84EA4DAA2AFCF397C1F2661D57BE8867516314EC72175761", "24AC55C7B7B8EAE76861640D8FE63967C2D6AC120B7117F39C2E95E98BD6B38F", "24C1EF78324E60477B0E47B81687325BFAB11B34F8AFE6263FEE7EE70052E3FB", "2537F49BC389A32095FFD04DD90ABD8C245F9F959B3040D4B3B584792F460CCA", "255519D8FC08936029278A93200D3FB4DB86381789F43C66E18CDB6CBF5F7090", "26AE7E28F5E270B5CFD52AEBA6B32C6108986FCB5CA6AAA5326CB8FD0CA73D23", "276311EA26EA41FBAE81DFB3042788416A0F2799192780CD6BCD5F7081C47F5C", "281EA77DACE3CB0D203B13E8D960659321E00D0D3AD04C8DD174EF67ABD3975C", "284CBBA54738CDCC2622E07BFF9F42EFB12F4C1E6C35828AFF50C39142CB2FB4", "28C9D324C04B7FC9ADDA03C476DBA4B48C2F0DF60CBDE796D0F0C8D2F9B4B2B5", "291A11B053B2918EA077355BE96CC41C7A3C251A50D4A852FC3D0F5B7D13AB3D", "2990C49388FF9A7A95B59BB697358FE746DA4981EA6BE3E4B10DBE45541B3A35", "29B7E8A593B85D211D961E858CD47DDE4578E14A3B0026D2CCBE046945B264FD", "29F531986D8179652F6C1E43A35C26016DB15EAB1F44193216051478664161D6", "2A983186A18AA1F913AEF800B4C60D2AC7C684254587378CEE189FFC5D3B64B6", "2B258825B481BEABD4EE36A758556F643B92CE36BE6FD1E093D5212AC6442E77", "2C667B664D1138B9E26FEEA57AC8A2DC296113D6B6825F553961186FF3571959", "2C79518BB9F288432B5A73B591807F72728C310F80DD4B9E249F3E42D9AB73C6", "2C79ED95B1DDF725C67F241D5C01546FA0476ABBA3CE0E75B8B5CD09C4F93D6C", "2CACBE41D36AF402D83999A57D2375400B28085518F96D7CC3A00E4877AD60EF", "2EF3DB4BFA3E12C4A33894FD2811178CB01A4CB8AB742EFCD63E1707D79B5780", "2FE1744F98154D972959A5B3C1ADD859354AF637B8F1F4F9A05859DF014332A6", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "2FEDCA99A32964BFF6DBDE002EB4B2F410B145AE312DF12377E547C72DABA460", "3180B65135ED076EBC40E84457FBD56F4194E10FBC96990E6A5A4C6C76779DE8", "318BCB52FA17252557986CEAF25CB3771570A1E2E09915579AC27A10F5B3ED09", "318F53449ACC53366C464B243849BD2A4ADA7E7AE12BFD36706B8B665CA42F2E", "32EB80235F63631068A875B3706EBE57E1F30F49ABBD86F94E0D61C950097183", "368CBA51B2BD334DED3AEF02F93D8E2C55F25EE9132836348C71D421CF78CEF0", "3757DB8A424DB88E245C8F0EDDFE6FE06F8170406FA58010670CD76C8A1ED47C", "3776AD70996EFBADDF76FD6F5AC351B73A4F834D590F094BE2C19B1B4B356D05", "377816BD0C2BB466FAB6827FC6600396C12FFB682B080658BFA602992BF877B8", "37DB81C8898C236A111B799AAF66BD234156F998C56157416D1E7D09F99E655C", "38B90E9B0DC10E4DC76F9F12DDEC2E7A19565B69C0B9D2A17405DEAA2D6CB5E3", "39427C69BCDFE8C0B02333381F4C6BC6D4CADF9B5F4D8EDC7C60BFB08C08E1F5", "3A2DFE6DD59E30D471FBD4C15F6019CFD0C300A08FA6AAD5FE0B4152BFE1CDF9", "3B4BABF4CE1C991071EF3F21C072A350BF812A85FD4B68B4EB9D5804B3FB97BF", "3C4BFCBB3C717294BFF59B59F2618AEFAAABAFB8378CF9BFB5509B69E9275659", "3DEA543F812B23E125C9088AF5301DA14AAE88C8C7706F25F22571DF88A6C6A0", "3DF0EBC27CDC2FA0AE7D540516E7AD82FDC079933E2D3F08627E09F6B9903EB8", "3EFA60BD710C6B4A11A5019EFB5EDFB39DBB8C2B14BF8A0CEF3706BED64762E9", "3F165D58EE48A0720F7D463AA93C65D50F9A941DCC6D565F609CE31843B0FDAD", "406FDBAFB731CB22F016C816A536C261EEC243D0EF0DBD325B6391902BC9ABA6", "422537CB7DA0B51EC03742C69732BF7E841E49D8E76EB1282D4AADCB1A08526A", "429AD41B13975D95838FE9C93B4B502F02FEB96917B0AD0763F73D82B9CC21FF", "43739857C7C042606D3BC94E04BCD5E4A895A202D76EF8963B70E7D32C62210D", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "448D8F7A10C8011486C5D85D70C3471DFB15CA561C67B60B7E1CB2BA83B724FA", "45D0E6362EAAD0FF8BA2A916838616D92ACF32C45B5CEECF557F58369F188EF6", "47C4639A3EF53144FBA7A24BF07D00F061D787E4D1C384E58F223AE28CC86EBB", "480D58613122A96AD57968DE0F88508E140E15C861137E188E543C73FB125099", "48B39E85816F2411F53331874775EF245CA226C6E0E6C4CBFAEC618ABDC8B5D4", "49B8460E9D95F7D50E840B7B70FCE2EB364A1ED8ECA0CA0A121E41DC89B55B92", "4B81A3DC7183611B0415ECCB103AB240ADE5C0EC9DE7E70D4BD375223AA0228C", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "4BB64F82620533514180FBBD22D98224D4AD27139725A0E485662BE0A8761B58", "4C29716DFAF2F94028196CDA699F5D37E499BD0F8473507DD5764A5100BA3D10", "4CA88475F4285A9E6CAE70AFBA4E732B29EB74893449A83EFFDFC90B390E82CA", "4E20FF6980EF77F8F7C53E254EBEB9AF129EF6EDA938A5BDE9CFA46C95393000", "5068E580B2716B61E0BDE3052C7FEF5E5362490263DE0124D897EF42BD96435A", "51BD39BEE25909EEED0BF937C11093CF42A13C4AB4AB282A7A46125DC62BF978", "52C55E3F117BEC5A4C81BD07F073C455C3A77B620B813ED54D4AAF265197A27D", "5338F5C63C28CFD2FC543F1BEE97CE2095080C242AAD9300A504573A0A0EEE7C", "53514A62D7D9E2E178325FAF1EFBB4FF93020BF2D45F01788543FEAA40036C15", "54E445CDA1B6D464E8EE07BFFEA8105E14A5BCC492D50E718CD98D48B5DCB9A5", "54F95B012C42E1776CDC45BEE152DE0DB2BABDE488693A1FA812D235885A3D0C", "559469A7B8757C4FEC68A2691E04AAA4DF305CE5C4C155425773CC2309F217A0", "55A93A7413D2D17A9FC66D4B2521DEABB349CEC50132C7B6CFC63FBFD532E88F", "56163C4E007DEE70225DB50B4AB2AA4BF3EE1E7FDBFEBA9ABB7FD03338374A02", "5710A9F486CA3B34842B504EBB99FC18D9E73CA47B6554192CDD159C1848D8C8", "5A867D53BF1C045A91BAF34174E260F4492ED9458A27BBD0E5EC08B506CD1CBE", "5ABDB8E8FF34B80C89910A575CC3A19BCB906094A7EAF6B0B05A2411E4E3E5FE", "5B98A1EDC68552BE80877B6A6315E7D94125AAF6F6DAA4196EC4B5C5E1555123", "5BD96B871BD05434767C34A2EFE7173A927EDB78FC30CDF5580CD68CDA14B279", "5E5C0D906DDDB47A53D421884B82DB26FA92E0D0156BE9B4817E7CB7FE473930", "5F1E522907674359F402A2020625D76DEC18F78C51601FDF6F1CC062F78B5BC6", "625BC356F4B1E0407BFEB403346EE4E242A661F463DCB5FEFBD553D0EB23DA53", "64936DB1043AFFB68ACA6293C18288E8B3D8252A6898115168646F4A5B00CE7B", "655FA693F075B15B02ED5F3550E038AEB5F311F84F9BBF05F07D4EF8A2E7A57A", "66FD1EFC7F653046FECD369AECA85C05AB267A5B3073E95A62357DE593A182DE", "68318E96223B524CE42AC6750332E148C674DE71092AF157B51DD782B15BF046", "6A8DB2CBB1AC03D014A4BD1C57790E168C02866F5520B9B9A5388636B656F01D", "6ABEA86F95DECD03C32F5BD7AF2042BF07A1C544724C672F6BFA6EC88894C596", "6B664CCE2190B12216972B3550FAAE4685B736F87954DBB6453900D5AC87DDD4", "6D9CDA8999A9DACC3CC92F31C9B635358761E015053E1E28134A4EC64E7814D4", "6F7D56A1A333BB392C947AE686388E1EC7908A912E30605A97D4FC4D9229ADF3", "71775F8B80AF3BBF0CF10F0859E199AE222B899F2C8DF45901295ABF96EB12C8", "7294EA54DC7B16106E4A4EA97B3222F45083B261C6D6170F4FF7B3B25814F4FE", "73F18A672E0FB0ED169AFEB1298A7157F2481ACDD9C9CE73639F7965906C8E6E", "74739E18871CD2FB6A97BEDD24781C04A58FE3EE477E9B04BC96DF3C5CC0B134", "76D8E68912848DE153B9BA6733006E171A772A367F2F5215E86AC1E208F9B644", "77C9C6375B124FB74B41D2803B9D15B70F1BFFAB59760B5E3B62D8B85AD60B47", "77E3B133711A229EE6F6FD193085A960ED9886D3E5BC54FAB473CB3C4E40D0AF", "78A23A47DB00C0627D9DF05F678C808426D04DD0A8CCAE5E98BA35B0CF4A99EF", "793630FB7FDADAF7CD108829F2AB10D62CA00AE8BF922A393F4236220B6A6A97", "7B5FB804698B3D35AF883F3D831514AE33ED2DB1AD6280373A1A1F360CAE9AF9", "7B649300424F565FB2EB90238FD66B935E9BE82E310628FBD96DFDDDCD1321A4", "7BCA26BB8F608B43A4FC09B8EEF859621BA00CC22C5FAB8CD10873E324561C23", "7C9BDD06BF159B454C3BFD20226B34DBB4EE268B25DF4CDE9AE4899932DD2F00", "7D00342863B1B28E48CA30E36FCA81958BC7DACB93ACE050ED87341D3933AD65", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E908C54FE9150C3B09D4779711C48C66901453652E1833B9998EC652FE7B869", "7F8C5B286D46F7C07594D83B9BEAA8FFE7516BE4B7A585530E218AC7EB0CDC1F", "81C1E90B442C2A0414E332CFEC7A9AF52F07B9A1EB108BD38590638A55A2FA32", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "8271DA3A40630C2ED7F6D3D137F6651932C4B2E5976E9E2E07E160409BF14EAC", "8275C3B123771E721297381D0F66E5CCB99C5D5EA14F12413C6DF109D950665B", "82936D00277BFB24D711DDE526D1CD366BD17ED7C68CDF976B86CBD7574AE2B5", "8343E9418889E0C118D423FFF70EEFCA49C5A897A2BE7161660C3B81899A5554", "84B9767DD7A78C0C9B3DE5B3A8C3B40CEF4B6327D1D273F478B76F150BC36FAF", "85BBE6E40D91A5BCFCD22B8339EFFD737F1DA713C1EB7F4E7F877D2EDB4B3E80", "8740019E07D20644145884886F423212F696418E42B226B6F8C03245820CDE6E", "8776FEDA4BF548B972219DEAA9137D6753C0BB6BD63258402F5068E288568FA1", "877DC5435C2CAACA85AAF999F8AF3AE3464E12D069C816B739BA5A9C79C5BF5E", "88CA564F4DDB0802DF0DABBB1B2D9B63B5E7F65C00DE5112D86A906BD37EFFFF", "89644963C09306BFED75F10E0E61B2E3DCF72B68045675FA54DF9219B54962E4", "89ACD9F772F249B8C3461CAEACC63B4E64EE23BA141F53B980F09E35E1EFF2B4", "8AF1EAAAF442835E1677369F8903EC8A857B4F2915891FC5F6BC69C9571BC493", "8D665301B18803AA4E00AFB5A3D842CD3A0E8810B93F62D1EBFA03754CB12F99", "8ED1CF98246B1BB39BBB907E1332BDBA42BA9E794B648D0BEC875EBAA967F66A", "8EE7DDBA05D33B836D8AF358160D9FD6C0D36E9D5DDB2CEB0BFC877DAC32340C", "8F3EB917B7F8A33D3C9801ABDAF30FC37462F5C9450454A5A970C38AB31C00E0", "8F6CC64B7C1D182ABC7251BFF8924BA1D8B73224511670C7FF24148A5021A89B", "901986F3574AAF8B9243FC01A9CD48E2FFE3FDD7022BBFF4780FA438EA048CF1", "90284591499066B48777BA7F0A369D6D77E1E66D9BA6B7B854E327D45FBE9674", "92C244BD15E0AC6C95C623B0974CEBA4601F56411F46EA0ECC54250192EF3D5C", "93103DADB47ECE291CD24302A51EE0EE88EEE2951FB5B11AFCC18EA14B53296D", "93F5956C0571EC02D2231FA66A9130E61A7B245AF21B0A172B0D7E01DA91EA75", "951422AC4D34772C04D6974CCF33FA86CC1A3BB7B2E9AE9004E5656D9C947C24", "957A69E77ED99F70661E5FD60BCA2DC90D289F2C92C4BBCFD18444E0316584F3", "95EE9077B1626300D3C4C950694E5DC63243CBED3A6A1D802F0A6517315F33B7", "96D74959156BE072A37E89E21EBB49160CB0F9630EAAA5B17891951B12795532", "9769C770CC5F50C55D8B2B70C37242E5C393D87DD8AF321023F41FB3EA5B27AE", "97D67741319318E81054E38AD279FB564C39D7BF2F071B94561D66348CDD350B", "98C91A759DB95828CCF2E2922067EBE61B117F532F8DC9BB7A2EDC7439EFB9EC", "9B32B407F64E41668F3AB29B39E444D6C7ABA53FB15EA994831CA5D41D1D2F31", "9B660B8617E225EE7D2F0FBE75C900E17955D654A6DC9038425DA4C8A54818E4", "9BC04820B3D2F340C08DC345180E3407C737F18117086BC346C786C231089084", "9D7527E9AE384387F197DF3C822BDCD79FB7BFDF6B43D9A2075894AAA6B80068", "9D75987588ECCEB544330F89FBC18B4A75DD9BE7578E7A378F22270D500ABD22", "9E113648EBE5AB8A487BF4CB8374FA774657243D8C2194E0CED619D7E5512265", "9E1A73B7CEF0622B38C9FDA7811140992B55ACE9017230D1055BDC0453ED72C8", "9EAED1F5FB3762874ED935AF686A504F1630ADB20AA5EBFAE97EAEEEA4C0DAF8", "9F66635E788451ECC29439A86EC4CAC24B9901A52995EBAB94DAB1E5A51715A6", "9FFDFB54E44522CD84C40BBA459137D1309CEEA5B8584327B536848DE4912ECE", "A0F4D50333488A0E7047171B2CD4107DA8446CCF12638FBFE3B70E75C6BDA97F", "A18A9720C1D629ABCA693B2DEF0DBE3723F9496295BE0DB3D86261822B9D1D78", "A330005D49E2DE9D5BB7AEB1FFF23C2CE2ECD165D6C58311145C72736B358907", "A35FA27005C23B9D1D481239C977458BB789CDD7C2BFB93A90867A0F29F39E7F", "A37E43CE241CA136827071D65D84CAEB4C2B06D69E2817C2649277A110C5DC0A", "A4F91E36C4B372A0AAF3400EFA5B0CC73FDE22D1B3FB09A67E8FD163CFA6CC21", "A543E954AB7DF7CF33F468B97B00C6D58EAE36720E47DFDED3D3953FD05AB814", "A58485ED1187EA4E51CA143194463C493EBEFDAF1129D1A7BD7970544FD73FC3", "A5A892259BF44584524D97B2CB83E9150F24F7E5C20081122730CDDBEA729805", "A7091906DFD80052FAA8ED3478A61AFDFCE959988C96DE805466D167EAB989EC", "A8B1328EDAD509E1D76C6016AE0790BC81F18C61790542709096AA8E663BAEC6", "A8F16316B1C438B37EB5F392BDC12A93DB340198F1A25F0861FF6F930EAD0A90", "A975355C6C98AF138FF9356F7F5CE174598E1020951A9A9022AE858ADC98F74C", "AAF2FA7FD15AE939038D6C9E7055E11E107021B36E7558072E05E05FEDB4E3D2", "AB9E1F618E295ED2016F2311EDD2F8570371E9C7D690FD62D71D7428FD71F423", "AC5DE01326AFA37CBA7F799502684F57AF3D9271EC49734648DB7797522AF2E8", "ACCF7BEF92F82DFEFE6A3BDE9E388E5845EE6CBE3AA7C4BEEA8645B599E38714", "ADBB2DE655A33A904B7E8B7ECF3F9EAFAC0866161D56E6F99E6CCD88E2DB4C7F", "AF0ED05937D76DB0E417FE7101E7E092E25F09251AB205CF7D97E0EE1A6575FF", "B02898F5DB2F42071BF277510F68D2650C6DD60CF0E9459DC2212351C49BE536", "B090C42F93FE1359D0D7958D41C1D01C87BCCB93D2DC7A191B7CF10AAAC42251", "B0A45CB551A212004F67CB37E137C4F8BDE8F8943B137919DC68C8ADB0B15896", "B0BBC00C8CB691226CA012955ACC5DF18F87A448E1024EA4FF2C9176A206BFCE", "B348869423AD305EF06F6125D94B0E67CA250BD5CE95B618BA3D6BA8C942DBCD", "B376697D94C07F1504F6F7CC76592D72B72271660B20A0E84E7E783B78E070E2", "B4307BBCBC3DD291CCC612B78E3395FFE15AAD33019D4926B0AFCE945EA4DAF2", "B53107D22B9BB8364258839E231586601304C7667CB1C142114350369648B2B3", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "B5C2099CFF3357CBA3115D89DFD595C76C121CB993BED55588356890BC1E23D4", "B5F67701491BE8F8D050063E7249D9A858D16DF526B2CEC5D03DC4A6E1E10322", "B661B0438E88E8CDB0D4BD901FE6861511AA0E05853E89B58F30744224999717", "B6B48FFE7AB3EA28F6D01C68E4FE8FB3D7980289E53E0EDE8B69C25B2481EBDA", "B6EBC8701CCD64D9EEAA77298F908890F7F39F36DE2671D50F47F6DA74BC09D0", "B7F4BCF65DF491688895B4FB198ADC71AA5257509A70F1E45DD1EE57F9850073", "B810CEED30AD5267543A02D3C0053BA8EF77FFA1864849FBAC26FC29B478A564", "B812D770D5313C7BE37CB4E928ED1042C22296FD500CC30DFA3CDF191C68E91F", "B8629798C0A7620E8722910704639F897428736B6273CD66CBC1FC799BBB38DA", "BBD1373A8600487139D329F2FA19580348F9267EDE96F1D1EDBC5F565E2AC2A9", "BD977661318E062C3D7CD9489E8046FC2046332EE0DB7C799753E276CD8ECED7", "BE23B6EB61158B6C5D8A3F7ECB1B1BACF3945E2C59C6B0EC8C9CE40126D53C99", "BED3DC99A05AE750F4F593EB125F4248D2818A07A4634FCC899E8A45EE49E86F", "BF4171FFF49CC8203A49900BDC100D2C73B3101AEA612FC46C31E0A0163CDB26", "C0BAD1C431F2B4E739BB3060AD777A585B1895B14110ACB28FAE581619333FE5", "C0BC1250C49C29390CF8AC6B8872B237162737B6D5DE2C395306410229DA6241", "C1E2FB0E4C0095EEF95FDF6DD252D9C64C585A32D103F2FFC45F43EEFE58A58A", "C246517FD5FC9B1778BB785CAC7D486CDCEA75F5110BBBA5A13F9E54060B3EE8", "C24FFCCB48F399A7C434277223E68A8D6539ECE42F14F764B1724FCC1CE8B425", "C2D6F29054FFB056410CE1D3348427B6C8F3350992A5BC7838FB4A2522A0AC53", "C2E7B2FB82954B11A11B223CC0C7E98DDDEF0A0EECC58174B03028843424CC21", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C51F505B617080D28C33D6D7DB89417FD5A8D20FBECE880430A1601A0A52A3C7", "C6E3B0D93DB2A48288F13023E714CAE420AECCE85E046684E6B390CDEA80F610", "C76EFBF0D3D0F60E228E7715D5DF48E931C5D7C581861A2601AF18536FBAA2F2", "C7BF9E3DE547E76D7B7B89B7E31D72468FCCCF0D24D3580B01C6BA30FC2F324D", "C80170FAE7512B62E4673479961CB718244CFCF6A1208F745C7FAB97070967EE", "C87CF71851BA68BC97A4939C6F2926C8F70F87DB0DEBDC12EA3D08826C5EC4D9", "C8805CB7A9877952E3B667A528AE49619053A2D7DB5F1F65CA2C84C382A15EAE", "CA3C9AADA39680360DAEA4E8792E1017895CFD055E35AC85B4646686615108DA", "CC52198AD3F23560953BF151D90349EF0CABE56DFE69CEF6329DB70160FB3AEE", "CC884D7545EAF7EDA51C13432F09122B80D4B32D671F35A2BBCE3653D0FA7AB8", "CCF97B63EA4EA3C4DE199ACB904BF6B37E1A0FDEDEDEF9375E8720D1CA3098A8", "CEA8FEBEBD755E25CDC9DE7E215C4927313FC37724C74ECF67875E57EFC04C4B", "CEFB2CDD169330DA5EC688A529952C2E9694D94C3E8E4A50C9011E9A9F7FD71F", "D150682EF9FF403C35F28AC5DA53AD20574DBAB12EA934E2B1380D5F993369F1", "D194D58E0A1A30A0734C8FE6DA58EC7FC6797984D1E7201650FDE265591EEC82", "D1CB85104D6425EADABAF28CF6CF9EB9A90389B1D6AFFC5FE976A773A70523CD", "D1EE65B724C053B8C531DB8F905A57DF1D402D875E50E3E22DD86A5856E65A9D", "D2A8C45D22C5E13178B6FB7AC0806A276070B9610D455DB9839CFF431430E0CF", "D34F3A00CADCEA279D5D3BD3FAEA45903471BBA9FB098A7926938588D21AF8B7", "D480A38A7712C84D266B19C13CDB65AF8265DF0829266A2BBDBE7B4DC7F24A2D", "D4DE68FE501751823A417AA7296DF55CDDF16A865C2E69A69A383DC4C7E151A4", "D51F886DF649B193D2BF4BFCA1F548FB3C4B30713C8B0376CBF061D3C52C1959", "D5C5E49BA15F237A9C5FF1FF98E73DDCDFCCB21B91C3951AB804C1DB3B85C7CB", "D5C784C851BFA51869BB7B33A60063A4D95B1E44B5B1B6882E1E4F09CBC87952", "D5F8A3BA57336D5F62EBAB5F06D1D880AA261067D1F9397FC2C96564014EBFBA", "D70732F34B118191D39BB0A8B3F01D9E0CFAEED3DBAE17E06CA2D69D35B66B29", "D7EDBDD1AA8C38720CCAA0532E8A0938B3C0F41DA542DAAEA77BEAC40848B4DE", "DB5C4843714C3B6FE6F22056DA72142411A13EE19DCE1AE7BD105B5606C46498", "DBEFE73D8EE59160B86C646BCEFECE402430694EEE042811C3A8536943F5878F", "DC7C4253F916EDED09A9719F885BD071B017505EFFB5F33BCAF27CAB375A5173", "DC8B783B9EAA31C03B1E404FC721223E232D2BB78FAD1F0FF5BCC2915BC8629E", "DDDB0EC538898A52974C4252FCD95918B7867E2FD00314B217401791A102EEDF", "DED1DE4F13AA0E54B43175C1EC27FB32BCA4029DA007A39C8EB2FFD8C728E974", "E180E391C606694452D6653F47E92CB5ED0C4BF804E2799B94B1A61DC7735033", "E2957241DF0185A99D147775C578113319A7FEAA89DDE258F97F007CFAE79E53", "E349C817CC286A0591D87EACAF1AC76FF2626F8CAB9B74BA655425B1BC519E5D", "E5806582B0DAC27F2443D35FC3FB403009E2DAF3AC951A21C42A0A61821276E2", "E61704116594C0F985783E8C47672E56C63608669278D655F6CFBF7DD604DA04", "E61FF499B7EFFD92A0884B1108A602A50283CF6842D88D47BD14A9C1F5EC2065", "E6A1D8578C3ACFD51AC59D87ADEA0F1116C6A22E9D9F308EB8C06BA174CC303F", "E97DB2C954E513038435D86F5C3DF2F3BC5F825BBBAEE200529899293BB6EC72", "E9B094875CD2B5848F6A36165BCA28995E5211182785709CC0C6718B4D22F6A8", "EAAA1FF0E3B9E9518ED528D0D3AB6E603ABD22498FC360654BF5AFF8AB2D068E", "ECBF7E6796EA20DB32604144C1F5C387D94E458633E334BCB850DC2A3074CDD5", "ED03174EE315C44093FFE14B8A8A378A735CD4B9C7251ABBBD3B039C1F3A3365", "ED7787E1F1D8E29D696FF55CABE7526F6688C3EA3DF141E45F1DE563704108CE", "ED9F7166CA202FBB1ADD92EED36739FD82AC9A77977822834C24101F8A3B7247", "EE2468CD17C505EFE46ACE480E96AF3AAC6DA75749FBAE6939594509060AB1FB", "EE3562F2436AE977B19689784E345CCDE7552541F8EFE79A721ED9EAEAFB7B04", "EE9276B55CFEFD5C72532E7A9A6E8A80C73DBFBB1139B28E4BE8ABEAAF4FD18B", "EEAB729AB069E268DB36780B513ADACFEC53F68601D2A353817B53553B548A4E", "EEB59CE81E88B6CE10F98C4A8F591D138F5BEAC293A1860A47F8A0A043ECDD49", "EF57286A516F0C5BE749AD9831433F3235DFCD83984D4121E02165F46CE97652", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "F17F17388338ABFBD67080E32D9032234111B4BE5E374C8AD804AF7B8769BCC4", "F7283916CCF52A7D897ACED313AACEF7E287BA7117F4BB159BB1B33294EC2F1C", "F745D009EF3FE6831CECA9A1D44514DBC86EA321DB5659536F06E0B84BF5D5E9", "F7A2FB1095724C0FC9ADDAC98FFF309E356E8ECDDB49CA432AA4F24FB5F4FA6D", "F84FB8B0773598F78827E1ADB3A6A9D22608CC8C5ED5056206B7967240EF65A8", "F857A1C2BD207670B6BC0B637DD08B52D3617D5E57D2344235323B1F03A6911F", "F9AD06C50230E8ABAA815E45C597EF41D173AE23406424AB72607082C827072B", "F9EBF3A6DB0C83634163AB1D241CE2F77FF0D4D0D0F434D365754379F2929370", "FA83FA96638ECCC5FE0B2EBECF79AB927D4E143A6B5A6C196A3C14EDCF9E66C3", "FB2510ED4A5C005DB02475B1EDEA3395FA7B2D514DC6415C30E7661A2D9EA587", "FB461B8C9ADB1C603244A48769C1093934CEEACD9657516CFA0EDB341ACAA317", "FBAAC6957F352AD1DB4C448D2EB85F9948B845DD6E5B52C5039A57047DA68C43", "FDE6500490C37F84426E1A226E3FA6011785039410CC7854F07C25294831EF00", "FE41D51565A7C29318454F190AB01F8C605657AA11B2779B531DFD8882C0462D", "FE54CFE937F2DA5795DDD68480E564629351A0806639F2A5F33EDAE216E03FD1", "FE5A75E2674E3A954976CA7480FE30450BFC40F47930B14A81EBD11A3AB87FD2", "FEAF0BB5153532B94D01FECEB863D6B2ED416A8AF5E46EF4D99B555860C882EC"]}, {"type": "kaspersky", "idList": ["KLA11621", "KLA11646", "KLA11718"]}, {"type": "kitploit", "idList": ["KITPLOIT:1380526137884005801"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0170", "MGASA-2019-0171", "MGASA-2019-0172", "MGASA-2019-0287", "MGASA-2019-0288", "MGASA-2019-0333", "MGASA-2020-0041", "MGASA-2020-0069", "MGASA-2020-0070", "MGASA-2020-0078", "MGASA-2020-0081", "MGASA-2020-0089"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1232.NASL", "AL2_ALAS-2020-1387.NASL", "AL2_ALAS-2020-1394.NASL", "AL2_ALAS-2020-1396.NASL", "AL2_ALAS-2020-1403.NASL", "AL2_ALAS-2020-1404.NASL", "ALA_ALAS-2019-1232.NASL", "ALA_ALAS-2020-1345.NASL", "ALA_ALAS-2020-1354.NASL", "ALA_ALAS-2020-1356.NASL", "AMAZON_CORRETTO_11_0_6_10_1.NASL", "AMAZON_CORRETTO_8_242_07_1.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS8_RHSA-2020-0128.NASL", "CENTOS8_RHSA-2020-0202.NASL", "CENTOS8_RHSA-2020-0273.NASL", "CENTOS8_RHSA-2020-0339.NASL", "CENTOS8_RHSA-2020-0487.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-0122.NASL", "CENTOS_RHSA-2020-0157.NASL", "CENTOS_RHSA-2020-0196.NASL", "CENTOS_RHSA-2020-0227.NASL", "CENTOS_RHSA-2020-0374.NASL", "CENTOS_RHSA-2020-0375.NASL", "CENTOS_RHSA-2020-0540.NASL", "CENTOS_RHSA-2020-0541.NASL", "CENTOS_RHSA-2020-0632.NASL", "CENTOS_RHSA-2020-0726.NASL", "CENTOS_RHSA-2020-0790.NASL", "DEBIAN_DLA-1799.NASL", "DEBIAN_DLA-1824.NASL", "DEBIAN_DLA-1930.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2094.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DLA-2128.NASL", "DEBIAN_DSA-4465.NASL", "DEBIAN_DSA-4605.NASL", "DEBIAN_DSA-4606.NASL", "DEBIAN_DSA-4614.NASL", "DEBIAN_DSA-4621.NASL", "EULEROS_SA-2019-1588.NASL", "EULEROS_SA-2019-1612.NASL", "EULEROS_SA-2019-1635.NASL", "EULEROS_SA-2019-1639.NASL", "EULEROS_SA-2019-1672.NASL", "EULEROS_SA-2019-2106.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2309.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1111.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1135.NASL", "EULEROS_SA-2020-1158.NASL", "EULEROS_SA-2020-1181.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1307.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1349.NASL", "EULEROS_SA-2020-1395.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1434.NASL", "EULEROS_SA-2020-1435.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1564.NASL", "EULEROS_SA-2020-1581.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1662.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1785.NASL", "EULEROS_SA-2020-1883.NASL", "EULEROS_SA-2020-2033.NASL", "EULEROS_SA-2020-2196.NASL", "EULEROS_SA-2020-2237.NASL", "EULEROS_SA-2020-2238.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1310.NASL", "EULEROS_SA-2021-1627.NASL", "EULEROS_SA-2021-1657.NASL", "EULEROS_SA-2022-2616.NASL", "F5_BIGIP_SOL51674118.NASL", "FEDORA_2019-1A10C04281.NASL", "FEDORA_2019-4C91A2F76E.NASL", "FEDORA_2019-8846A1A5A2.NASL", "FEDORA_2019-91F6E7BB71.NASL", "FEDORA_2019-97380355AE.NASL", "FEDORA_2020-4355EA258E.NASL", "FEDORA_2020-8B563BC5F4.NASL", "FREEBSD_PKG_B4E5F782442D11EA9BA9206A8A720317.NASL", "GENTOO_GLSA-202003-08.NASL", "GENTOO_GLSA-202003-12.NASL", "GENTOO_GLSA-202101-19.NASL", "GOOGLE_CHROME_79_0_3945_79.NASL", "IBM_JAVA_2020_01_14.NASL", "MACOSX_GOOGLE_CHROME_79_0_3945_79.NASL", "MACOS_HT210919.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0010_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0014_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0022_JAVA-1_8_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0025_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2020-0047_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2020-0048_JAVA-1_7_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0050_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0096_SQLITE.NASL", "NEWSTART_CGSL_NS-SA-2020-0096_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0117_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2021-0001_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_16_0_1.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "OPENJDK_2020-01-14.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2019-2392.NASL", "OPENSUSE-2019-2444.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2019-2692.NASL", "OPENSUSE-2020-113.NASL", "OPENSUSE-2020-147.NASL", "OPENSUSE-2020-244.NASL", "ORACLELINUX_ELSA-2020-0122.NASL", "ORACLELINUX_ELSA-2020-0128.NASL", "ORACLELINUX_ELSA-2020-0157.NASL", "ORACLELINUX_ELSA-2020-0196.NASL", "ORACLELINUX_ELSA-2020-0202.NASL", "ORACLELINUX_ELSA-2020-0227.NASL", "ORACLELINUX_ELSA-2020-0339.NASL", "ORACLELINUX_ELSA-2020-0374.NASL", "ORACLELINUX_ELSA-2020-0540.NASL", "ORACLELINUX_ELSA-2020-0541.NASL", "ORACLELINUX_ELSA-2020-0632.NASL", "ORACLELINUX_ELSA-2020-0726.NASL", "ORACLELINUX_ELSA-2020-0790.NASL", "ORACLELINUX_ELSA-2020-5541.NASL", "ORACLELINUX_ELSA-2020-5569.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2020-5715.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "ORACLE_JAVA_CPU_JAN_2020.NASL", "ORACLE_JAVA_CPU_JAN_2020_UNIX.NASL", "PHOTONOS_PHSA-2019-1_0-0235_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0160_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0189_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2019-4238.NASL", "REDHAT-RHSA-2020-0100.NASL", "REDHAT-RHSA-2020-0103.NASL", "REDHAT-RHSA-2020-0122.NASL", "REDHAT-RHSA-2020-0128.NASL", "REDHAT-RHSA-2020-0157.NASL", "REDHAT-RHSA-2020-0174.NASL", "REDHAT-RHSA-2020-0179.NASL", "REDHAT-RHSA-2020-0196.NASL", "REDHAT-RHSA-2020-0202.NASL", "REDHAT-RHSA-2020-0204.NASL", "REDHAT-RHSA-2020-0227.NASL", "REDHAT-RHSA-2020-0229.NASL", "REDHAT-RHSA-2020-0231.NASL", "REDHAT-RHSA-2020-0232.NASL", "REDHAT-RHSA-2020-0273.NASL", "REDHAT-RHSA-2020-0328.NASL", "REDHAT-RHSA-2020-0339.NASL", "REDHAT-RHSA-2020-0374.NASL", "REDHAT-RHSA-2020-0375.NASL", "REDHAT-RHSA-2020-0465.NASL", "REDHAT-RHSA-2020-0467.NASL", "REDHAT-RHSA-2020-0468.NASL", "REDHAT-RHSA-2020-0469.NASL", "REDHAT-RHSA-2020-0470.NASL", "REDHAT-RHSA-2020-0487.NASL", "REDHAT-RHSA-2020-0509.NASL", "REDHAT-RHSA-2020-0540.NASL", "REDHAT-RHSA-2020-0541.NASL", "REDHAT-RHSA-2020-0543.NASL", "REDHAT-RHSA-2020-0592.NASL", "REDHAT-RHSA-2020-0609.NASL", "REDHAT-RHSA-2020-0632.NASL", "REDHAT-RHSA-2020-0653.NASL", "REDHAT-RHSA-2020-0661.NASL", "REDHAT-RHSA-2020-0664.NASL", "REDHAT-RHSA-2020-0726.NASL", "REDHAT-RHSA-2020-0790.NASL", "REDHAT-RHSA-2020-0831.NASL", "REDHAT-RHSA-2020-0856.NASL", "REDHAT-RHSA-2020-1266.NASL", "REDHAT-RHSA-2020-1347.NASL", "REDHAT-RHSA-2020-1353.NASL", "REDHAT-RHSA-2020-1493.NASL", "REDHAT-RHSA-2020-2014.NASL", "REDHAT-RHSA-2020-2236.NASL", "REDHAT-RHSA-2020-2237.NASL", "REDHAT-RHSA-2020-2238.NASL", "REDHAT-RHSA-2020-2239.NASL", "REDHAT-RHSA-2020-2241.NASL", "REDHAT-RHSA-2020-3386.NASL", "REDHAT-RHSA-2020-3387.NASL", "REDHAT-RHSA-2020-3388.NASL", "REDHAT-RHSA-2020-5585.NASL", "SLACKWARE_SSA_2019-202-01.NASL", "SLACKWARE_SSA_2019-311-01.NASL", "SLACKWARE_SSA_2020-031-01.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20200116_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20200121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20200122_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20200127_SQLITE_ON_SL7_X.NASL", "SL_20200205_KERNEL_ON_SL7_X.NASL", "SL_20200218_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20200218_SUDO_ON_SL7_X.NASL", "SL_20200227_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20200305_SUDO_ON_SL6_X.NASL", "SL_20200311_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-1823-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1852-1.NASL", "SUSE_SU-2019-1854-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2821-1.NASL", "SUSE_SU-2019-2829-1.NASL", "SUSE_SU-2019-2879-1.NASL", "SUSE_SU-2019-2946-1.NASL", "SUSE_SU-2019-2947-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2953-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3237-1.NASL", "SUSE_SU-2019-3295-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2019-3389-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0140-1.NASL", "SUSE_SU-2020-0213-1.NASL", "SUSE_SU-2020-0231-1.NASL", "SUSE_SU-2020-0261-1.NASL", "SUSE_SU-2020-0390-1.NASL", "SUSE_SU-2020-0406-1.NASL", "SUSE_SU-2020-0407-1.NASL", "SUSE_SU-2020-0408-1.NASL", "SUSE_SU-2020-0409-1.NASL", "SUSE_SU-2020-0456-1.NASL", "SUSE_SU-2020-0466-1.NASL", "SUSE_SU-2020-0528-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-0628-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-14287-1.NASL", "SUSE_SU-2020-14398-1.NASL", "SUSE_SU-2020-1683-1.NASL", "SUSE_SU-2020-1684-1.NASL", "SUSE_SU-2020-1685-1.NASL", "SUSE_SU-2020-2491-1.NASL", "SUSE_SU-2020-2492-1.NASL", "SUSE_SU-2020-2497-1.NASL", "SUSE_SU-2020-2498-1.NASL", "UBUNTU_USN-4069-1.NASL", "UBUNTU_USN-4069-2.NASL", "UBUNTU_USN-4095-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4157-1.NASL", "UBUNTU_USN-4157-2.NASL", "UBUNTU_USN-4162-1.NASL", "UBUNTU_USN-4163-1.NASL", "UBUNTU_USN-4208-1.NASL", "UBUNTU_USN-4210-1.NASL", "UBUNTU_USN-4211-1.NASL", "UBUNTU_USN-4225-1.NASL", "UBUNTU_USN-4225-2.NASL", "UBUNTU_USN-4226-1.NASL", "UBUNTU_USN-4227-1.NASL", "UBUNTU_USN-4228-1.NASL", "UBUNTU_USN-4257-1.NASL", "UBUNTU_USN-4263-1.NASL", "UBUNTU_USN-4298-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704465", "OPENVAS:1361412562310704605", "OPENVAS:1361412562310704606", "OPENVAS:1361412562310704614", "OPENVAS:1361412562310704621", "OPENVAS:1361412562310815871", "OPENVAS:1361412562310815872", "OPENVAS:1361412562310815873", "OPENVAS:1361412562310815899", "OPENVAS:1361412562310816602", "OPENVAS:1361412562310816603", "OPENVAS:1361412562310816606", "OPENVAS:1361412562310816617", "OPENVAS:1361412562310844102", "OPENVAS:1361412562310844121", "OPENVAS:1361412562310844134", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844203", "OPENVAS:1361412562310844208", "OPENVAS:1361412562310844209", "OPENVAS:1361412562310844210", "OPENVAS:1361412562310844256", "OPENVAS:1361412562310844257", "OPENVAS:1361412562310844258", "OPENVAS:1361412562310844281", "OPENVAS:1361412562310844282", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310844284", "OPENVAS:1361412562310844298", "OPENVAS:1361412562310844315", "OPENVAS:1361412562310844323", "OPENVAS:1361412562310844360", "OPENVAS:1361412562310852611", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852750", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310852858", "OPENVAS:1361412562310852917", "OPENVAS:1361412562310852953", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310853015", "OPENVAS:1361412562310853022", "OPENVAS:1361412562310853044", "OPENVAS:1361412562310876744", "OPENVAS:1361412562310876747", "OPENVAS:1361412562310876749", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876751", "OPENVAS:1361412562310876753", "OPENVAS:1361412562310876809", "OPENVAS:1361412562310876841", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876925", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310876999", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877318", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877374", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877547", "OPENVAS:1361412562310877588", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310883164", "OPENVAS:1361412562310883170", "OPENVAS:1361412562310883173", "OPENVAS:1361412562310883175", "OPENVAS:1361412562310883179", "OPENVAS:1361412562310883181", "OPENVAS:1361412562310883182", "OPENVAS:1361412562310883191", "OPENVAS:1361412562310883192", "OPENVAS:1361412562310883199", "OPENVAS:1361412562310883200", "OPENVAS:1361412562310891799", "OPENVAS:1361412562310891824", "OPENVAS:1361412562310891930", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892094", "OPENVAS:1361412562310892114", "OPENVAS:1361412562310892128", "OPENVAS:1361412562311220191588", "OPENVAS:1361412562311220191612", "OPENVAS:1361412562311220191635", "OPENVAS:1361412562311220191639", "OPENVAS:1361412562311220191672", "OPENVAS:1361412562311220192106", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192309", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201111", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201135", "OPENVAS:1361412562311220201158", "OPENVAS:1361412562311220201181", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201307", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201349", "OPENVAS:1361412562311220201395", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201434", "OPENVAS:1361412562311220201435", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201564", "OPENVAS:1361412562311220201581", "OPENVAS:1361412562311220201606", "OPENVAS:1361412562311220201662", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201785"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2029", "ELSA-2019-3517", "ELSA-2020-0122", "ELSA-2020-0128", "ELSA-2020-0157", "ELSA-2020-0196", "ELSA-2020-0202", "ELSA-2020-0227", "ELSA-2020-0273", "ELSA-2020-0339", "ELSA-2020-0374", "ELSA-2020-0487", "ELSA-2020-0540", "ELSA-2020-0541", "ELSA-2020-0632", "ELSA-2020-0726", "ELSA-2020-0790", "ELSA-2020-1016", "ELSA-2020-1804", "ELSA-2020-1810", "ELSA-2020-5541", "ELSA-2020-5569", "ELSA-2020-5670", "ELSA-2020-5676", "ELSA-2020-5715", "ELSA-2020-5845", "ELSA-2020-5866", "ELSA-2021-9002", "ELSA-2021-9459"]}, {"type": "osv", "idList": ["OSV:DLA-1799-1", "OSV:DLA-1824-1", "OSV:DLA-1930-1", "OSV:DLA-2068-1", "OSV:DLA-2094-1", "OSV:DLA-2114-1", "OSV:DLA-2128-1", "OSV:DSA-4465-1", "OSV:DSA-4605-1", "OSV:DSA-4606-1", "OSV:DSA-4614-1", "OSV:DSA-4621-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152663", "PACKETSTORM:156189"]}, {"type": "photon", "idList": ["PHSA-2019-0015", "PHSA-2019-0036", "PHSA-2019-0160", "PHSA-2019-0189", "PHSA-2019-0224", "PHSA-2019-0235", "PHSA-2019-1.0-0224", "PHSA-2019-1.0-0235", "PHSA-2019-2.0-0160", "PHSA-2019-2.0-0189", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0036", "PHSA-2020-0084", "PHSA-2020-0235", "PHSA-2020-1.0-0290", "PHSA-2020-2.0-0235", "PHSA-2020-3.0-0084"]}, {"type": "redhat", "idList": ["RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2019:4238", "RHSA-2020:0100", "RHSA-2020:0103", "RHSA-2020:0122", "RHSA-2020:0128", "RHSA-2020:0157", "RHSA-2020:0174", "RHSA-2020:0179", "RHSA-2020:0196", "RHSA-2020:0202", "RHSA-2020:0204", "RHSA-2020:0227", "RHSA-2020:0229", "RHSA-2020:0231", "RHSA-2020:0232", "RHSA-2020:0273", "RHSA-2020:0328", "RHSA-2020:0339", "RHSA-2020:0374", "RHSA-2020:0375", "RHSA-2020:0451", "RHSA-2020:0463", "RHSA-2020:0465", "RHSA-2020:0467", "RHSA-2020:0468", "RHSA-2020:0469", "RHSA-2020:0470", "RHSA-2020:0476", "RHSA-2020:0487", "RHSA-2020:0509", "RHSA-2020:0540", "RHSA-2020:0541", "RHSA-2020:0543", "RHSA-2020:0592", "RHSA-2020:0609", "RHSA-2020:0632", "RHSA-2020:0653", "RHSA-2020:0661", "RHSA-2020:0664", "RHSA-2020:0726", "RHSA-2020:0790", "RHSA-2020:0831", "RHSA-2020:0856", "RHSA-2020:1266", "RHSA-2020:1347", "RHSA-2020:1353", "RHSA-2020:1475", "RHSA-2020:1493", "RHSA-2020:2014", "RHSA-2020:2236", "RHSA-2020:2237", "RHSA-2020:2238", "RHSA-2020:2239", "RHSA-2020:2241", "RHSA-2020:3386", "RHSA-2020:3387", "RHSA-2020:3388", "RHSA-2020:5585"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-11599", "RH:CVE-2019-13734", "RH:CVE-2019-14816", "RH:CVE-2019-14895", "RH:CVE-2019-14898", "RH:CVE-2019-14901", "RH:CVE-2019-17133", "RH:CVE-2019-18634", "RH:CVE-2019-3892", "RH:CVE-2020-2583", "RH:CVE-2020-2590", "RH:CVE-2020-2593", "RH:CVE-2020-2601", "RH:CVE-2020-2604", "RH:CVE-2020-2654", "RH:CVE-2020-2659"]}, {"type": "slackware", "idList": ["SSA-2019-202-01", "SSA-2019-311-01", "SSA-2020-031-01", "SSA-2020-086-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1", "OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2019:2392-1", "OPENSUSE-SU-2019:2444-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2019:2692-1", "OPENSUSE-SU-2019:2694-1", "OPENSUSE-SU-2020:0113-1", "OPENSUSE-SU-2020:0147-1", "OPENSUSE-SU-2020:0244-1"]}, {"type": "symantec", "idList": ["SMNTC-110956", "SMNTC-111341", "SMNTC-111480", "SMNTC-111484", "SMNTC-111486", "SMNTC-111488", "SMNTC-111489", "SMNTC-111491", "SMNTC-111505"]}, {"type": "thn", "idList": ["THN:726936F27D7083C4F7A589C56EE66303"]}, {"type": "threatpost", "idList": ["THREATPOST:B5964CC2880F7E4AFF1E9C5DEEE5B287"]}, {"type": "ubuntu", "idList": ["USN-4069-1", "USN-4069-2", "USN-4095-1", "USN-4115-1", "USN-4115-2", "USN-4118-1", "USN-4157-1", "USN-4157-2", "USN-4162-1", "USN-4162-2", "USN-4163-1", "USN-4163-2", "USN-4208-1", "USN-4210-1", "USN-4211-1", "USN-4211-2", "USN-4225-1", "USN-4225-2", "USN-4226-1", "USN-4227-1", "USN-4227-2", "USN-4228-1", "USN-4228-2", "USN-4257-1", "USN-4263-1", "USN-4263-2", "USN-4298-1", "USN-4298-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-11599", "UB:CVE-2019-13734", "UB:CVE-2019-13750", "UB:CVE-2019-14816", "UB:CVE-2019-14895", "UB:CVE-2019-14898", "UB:CVE-2019-14901", "UB:CVE-2019-17133", "UB:CVE-2019-18634", "UB:CVE-2020-2583", "UB:CVE-2020-2590", "UB:CVE-2020-2593", "UB:CVE-2020-2601", "UB:CVE-2020-2604", "UB:CVE-2020-2654", "UB:CVE-2020-2659"]}, {"type": "veracode", "idList": ["VERACODE:21062", "VERACODE:22305", "VERACODE:22306", "VERACODE:22307", "VERACODE:22308", "VERACODE:22309", "VERACODE:22310", "VERACODE:22330", "VERACODE:22470", "VERACODE:25172"]}, {"type": "virtuozzo", "idList": ["VZA-2020-036", "VZA-2020-037"]}, {"type": "zdt", "idList": ["1337DAY-ID-32619", "1337DAY-ID-33893", "1337DAY-ID-33950"]}]}, "epss": [{"cve": "CVE-2019-11599", "epss": "0.000430000", "percentile": "0.074200000", "modified": "2023-03-19"}, {"cve": "CVE-2019-13734", "epss": "0.004120000", "percentile": "0.699190000", "modified": "2023-03-19"}, {"cve": "CVE-2019-14816", "epss": "0.000450000", "percentile": "0.123920000", "modified": "2023-03-19"}, {"cve": "CVE-2019-14895", "epss": "0.004510000", "percentile": "0.712030000", "modified": "2023-03-19"}, {"cve": "CVE-2019-14898", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2019-14901", "epss": "0.013210000", "percentile": "0.839010000", "modified": "2023-03-19"}, {"cve": "CVE-2019-17133", "epss": "0.005760000", "percentile": "0.746260000", "modified": "2023-03-19"}, {"cve": "CVE-2019-18634", "epss": "0.002710000", "percentile": "0.627760000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2583", "epss": "0.002680000", "percentile": "0.626030000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2590", "epss": "0.000680000", "percentile": "0.278390000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2593", "epss": "0.000680000", "percentile": "0.278390000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2601", "epss": "0.000810000", "percentile": "0.329590000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2604", "epss": "0.002440000", "percentile": "0.605320000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2654", "epss": "0.000680000", "percentile": "0.276090000", "modified": "2023-03-19"}, {"cve": "CVE-2020-2659", "epss": "0.001030000", "percentile": "0.405220000", "modified": "2023-03-19"}], "vulnersScore": 0.1}, "_state": {"score": 1677430879, "dependencies": 1677430880, "epss": 1679304688}, "_internal": {"score_hash": "587a524bdc618740466469269fbefa27"}, "pluginID": "164606", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164606);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-11599\",\n \"CVE-2019-13734\",\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\",\n \"CVE-2019-18634\",\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.16.1.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.16.1.1 advisory.\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have unspecified other impact by triggering a race\n condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2019-13734)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly\n execute arbitrary code. (CVE-2019-14816)\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection\n negotiation during the handling of the remote devices country settings. This could allow the remote device\n to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could\n use this flaw to obtain sensitive information, cause a denial of service, or possibly have other\n unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell\n WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a\n denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the\n availability of the system. If code execution occurs, the code will run with the permissions of root. This\n will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer\n overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS;\n however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an\n administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.\n (CVE-2019-18634)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2590)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well\n as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to\n compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2601)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through\n a web service which supplies data to the APIs. (CVE-2020-2604)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the\n specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as\n through a web service. (CVE-2020-2654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.16.1.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb6896fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.16.1.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.16.1.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.16.1.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.16.1.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'sqli':TRUE}\n);\n", "naslFamily": "Misc.", "cpe": ["cpe:2.3:o:nutanix:aos:*:*:*:*:*:*:*:*"], "solution": "Update the Nutanix AOS software to recommended version.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2019-14901", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "8.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-08-24T00:00:00", "vulnerabilityPublicationDate": "2019-04-29T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-01-11T15:06:33", "description": "Security Fix(es) :\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nBug Fix(es) :\n\n - [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n - [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address.\n (BZ#1766093)\n\n - [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)\n\n - SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n - Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)\n\n - Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)\n\n - patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)\n\n - fix compat statfs64() returning EOVERFLOW for when\n _FILE_OFFSET_BITS=64 (BZ#1775678)\n\n - Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n - RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)\n\n - Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297)\n\n - Moving Egress IP will result in conntrack sessions being DESTROYED (BZ#1779564)\n\n - core: backports from upstream (BZ#1780033)\n\n - kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)\n\n - Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780163)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-07T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200205_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133538", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133538);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-11599\", \"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-17133\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function\n of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in\n mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n (CVE-2019-14895)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c\n (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c (CVE-2019-17133)\n\n - kernel: incomplete fix for race condition between\n mmget_not_zero()/get_task_mm() and core dumping in\n CVE-2019-11599 (CVE-2019-14898)\n\nBug Fix(es) :\n\n - [Azure][7.8] Include patch 'PCI: hv: Avoid use of\n hv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n - [Hyper-V][RHEL7.8] When accelerated networking is\n enabled on RedHat, network interface(eth0) moved to new\n network namespace does not obtain IP address.\n (BZ#1766093)\n\n - [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card\n failed (BZ#1766097)\n\n - SMB3: Do not error out on large file transfers if server\n responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n - Since RHEL commit 5330f5d09820 high load can cause\n dm-multipath path failures (BZ#1770113)\n\n - Hard lockup in free_one_page()->_raw_spin_lock() because\n sosreport command is reading from /proc/pagetypeinfo\n (BZ#1770732)\n\n - patchset for x86/atomic: Fix\n smp_mb__{before,after}_atomic() (BZ#1772812)\n\n - fix compat statfs64() returning EOVERFLOW for when\n _FILE_OFFSET_BITS=64 (BZ#1775678)\n\n - Guest crash after load cpuidle-haltpoll driver\n (BZ#1776289)\n\n - RHEL 7.7 long I/O stalls with bnx2fc from not masking\n off scope bits of retry delay value (BZ#1776290)\n\n - Multiple 'mv' processes hung on a gfs2 filesystem\n (BZ#1777297)\n\n - Moving Egress IP will result in conntrack sessions being\n DESTROYED (BZ#1779564)\n\n - core: backports from upstream (BZ#1780033)\n\n - kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482!\n (BZ#1780148)\n\n - Race between tty_open() and flush_to_ldisc() using the\n tty_struct->driver_data field. (BZ#1780163)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1766089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1766093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1766097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1767621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1770113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1770732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1772812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1775678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1776289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1776290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1777297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1779564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1780033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1780148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1780163\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=1046\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?177fd584\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T14:36:42", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093)\n\n* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)\n\n* SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)\n\n* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)\n\n* fix compat statfs64() returning EOVERFLOW for when\n_FILE_OFFSET_BITS=64 (BZ #1775678)\n\n* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)\n\n* Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297)\n\n* Moving Egress IP will result in conntrack sessions being DESTROYED (BZ# 1779564)\n\n* core: backports from upstream (BZ#1780033)\n\n* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)\n\n* Race between tty_open() and flush_to_ldisc() using the tty_struct-> driver_data field. (BZ#1780163)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-27T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:0374)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2020-03-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0374.NASL", "href": "https://www.tenable.com/plugins/nessus/134087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0374 and \n# CentOS Errata and Security Advisory 2020:0374 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134087);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/02\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0374\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:0374)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell\nWiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie()\nfunction in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n(CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/\nget_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [Azure][7.8] Include patch 'PCI: hv: Avoid use of\nhv_pci_dev->pci_slot after freeing it' (BZ#1766089)\n\n* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat,\nnetwork interface(eth0) moved to new network namespace does not obtain\nIP address. (BZ#1766093)\n\n* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed\n(BZ#1766097)\n\n* SMB3: Do not error out on large file transfers if server responds\nwith STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path\nfailures (BZ#1770113)\n\n* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport\ncommand is reading from /proc/pagetypeinfo (BZ#1770732)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic()\n(BZ#1772812)\n\n* fix compat statfs64() returning EOVERFLOW for when\n_FILE_OFFSET_BITS=64 (BZ #1775678)\n\n* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits\nof retry delay value (BZ#1776290)\n\n* Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297)\n\n* Moving Egress IP will result in conntrack sessions being DESTROYED\n(BZ# 1779564)\n\n* core: backports from upstream (BZ#1780033)\n\n* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482!\n(BZ#1780148)\n\n* Race between tty_open() and flush_to_ldisc() using the tty_struct->\ndriver_data field. (BZ#1780163)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65128778\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T14:36:20", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0374 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2020:0374)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-0374.NASL", "href": "https://www.tenable.com/plugins/nessus/133483", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0374. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133483);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0374\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2020:0374)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0374 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in\n CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122, 362, 400, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-14898', 'CVE-2019-14901', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0374');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T14:36:43", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0375 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2020:0375)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2020-0375.NASL", "href": "https://www.tenable.com/plugins/nessus/133484", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0375. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133484);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0375\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2020:0375)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0375 advisory.\n\n - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in\n drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in\n CVE-2019-11599 (CVE-2019-14898)\n\n - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1744149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1773519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 122, 362, 400, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-14816', 'CVE-2019-14895', 'CVE-2019-14898', 'CVE-2019-14901', 'CVE-2019-17133');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0375');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T14:36:19", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)\n\n* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)\n\n* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)\n\n* kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)\n\nThis plugin has been deprecated. Although RHSA-2020:0375 exists, it is for kernel-rt, which does not exist on CentOS. This CentOS copy of the advisory duplicates the CVEs and packages from the non-rt kernel in RHSA-2020:0374.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2020:0375) (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2020-03-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0375.NASL", "href": "https://www.tenable.com/plugins/nessus/133508", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/03/06. Advisory is redundant and erroneous.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0375 and \n# CentOS Errata and Security Advisory 2020:0375 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133508);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14898\", \"CVE-2019-14901\", \"CVE-2019-17133\");\n script_xref(name:\"RHSA\", value:\"2020:0375\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2020:0375) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell\nWiFi driver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie()\nfunction in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n(CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/ wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between mmget_not_zero()/\nget_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic()\n[kernel-rt] (BZ#1772522)\n\n* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)\n\n* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low\nlatency requirement (BZ#1781157)\n\n* kernel-rt: hard lockup panic in during execution of CFS bandwidth\nperiod timer (BZ#1788057)\n\nThis plugin has been deprecated. Although RHSA-2020:0375 exists, it is\nfor kernel-rt, which does not exist on CentOS. This CentOS copy of the\nadvisory duplicates the CVEs and packages from the non-rt kernel in\nRHSA-2020:0374.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035620.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?633091f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. It is entirely redundant to 2020:0374.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T14:36:03", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0374 advisory.\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2019-14816)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2020-0374)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-0374.NASL", "href": "https://www.tenable.com/plugins/nessus/133514", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-0374.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133514);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14898\",\n \"CVE-2019-14901\",\n \"CVE-2019-17133\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0374\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2020-0374)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-0374 advisory.\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection\n negotiation during the handling of the remote devices country settings. This could allow the remote device\n to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could\n use this flaw to obtain sensitive information, cause a denial of service, or possibly have other\n unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell\n WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a\n denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the\n availability of the system. If code execution occurs, the code will run with the permissions of root. This\n will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly\n execute arbitrary code. (CVE-2019-14816)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-0374.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1062.12.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-0374');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:05:02", "description": "Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20200122)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200122_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133194", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133194);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20200122)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS\n (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via\n jdk.serialFilter property modification (Serialization,\n 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in\n GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler causing URL\n normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in\n X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during\n deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets\n limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2001&L=SCIENTIFIC-LINUX-ERRATA&P=5367\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?123393e9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:28:34", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0231 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-28T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0231)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_e4s:8.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-demo:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-headless:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-src:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0231.NASL", "href": "https://www.tenable.com/plugins/nessus/133284", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0231. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133284);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0231\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0231)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0231 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 172, 327, 471, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:04:49", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-30T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.8.0-openjdk (CESA-2020:0157)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2020-0157.NASL", "href": "https://www.tenable.com/plugins/nessus/133309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0157 and \n# CentOS Errata and Security Advisory 2020:0157 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133309);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0157\");\n\n script_name(english:\"CentOS 6 : java-1.8.0-openjdk (CESA-2020:0157)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization\nissues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-January/035607.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b12d7fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:05:11", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-30T00:00:00", "type": "nessus", "title": "CentOS 7 : java-1.8.0-openjdk (CESA-2020:0196)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0196.NASL", "href": "https://www.tenable.com/plugins/nessus/133312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0196 and \n# CentOS Errata and Security Advisory 2020:0196 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133312);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0196\");\n\n script_name(english:\"CentOS 7 : java-1.8.0-openjdk (CESA-2020:0196)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization\nissues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-January/035617.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9727259b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:09:23", "description": "Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 7u251-2.6.21-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-02T00:00:00", "type": "nessus", "title": "Debian DLA-2128-1 : openjdk-7 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm", "p-cpe:/a:debian:debian_linux:openjdk-7-dbg", "p-cpe:/a:debian:debian_linux:openjdk-7-demo", "p-cpe:/a:debian:debian_linux:openjdk-7-doc", "p-cpe:/a:debian:debian_linux:openjdk-7-jdk", "p-cpe:/a:debian:debian_linux:openjdk-7-jre", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero", "p-cpe:/a:debian:debian_linux:openjdk-7-source", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2128.NASL", "href": "https://www.tenable.com/plugins/nessus/134179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2128-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134179);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"Debian DLA-2128-1 : openjdk-7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the OpenJDK Java\nruntime, resulting in denial of service, incorrect implementation of\nKerberos GSSAPI and TGS requests or incorrect TLS handshakes.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n7u251-2.6.21-1~deb8u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openjdk-7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-dbg\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-demo\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-doc\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jdk\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-lib\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-zero\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-source\", reference:\"7u251-2.6.21-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:05:16", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\nUpdate java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968) :\n\nCVE-2020-2583: Unlink Set of LinkedHashSets\n\nCVE-2020-2590: Improve Kerberos interop capabilities\n\nCVE-2020-2593: Normalize normalization for all\n\nCVE-2020-2601: Better Ticket Granting Services\n\nCVE-2020-2604: Better serial filter handling\n\nCVE-2020-2659: Enhance datagram socket support\n\nCVE-2020-2654: Improve Object Identifier Processing\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-27T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:0231-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-src", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0231-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0231-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133257);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:0231-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\nUpdate java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0)\n(January 2020 CPU, bsc#1160968) :\n\nCVE-2020-2583: Unlink Set of LinkedHashSets\n\nCVE-2020-2590: Improve Kerberos interop capabilities\n\nCVE-2020-2593: Normalize normalization for all\n\nCVE-2020-2601: Better Ticket Granting Services\n\nCVE-2020-2604: Better serial filter handling\n\nCVE-2020-2659: Enhance datagram socket support\n\nCVE-2020-2654: Improve Object Identifier Processing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2590/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2593/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2604/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2659/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200231-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf62fde0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-231=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-231=1\n\nSUSE Linux Enterprise Module for Packagehub Subpackages 15 :\n\nzypper in -t patch\nSUSE-SLE-Module-Packagehub-Subpackages-15-2020-231=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-231=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-231=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-231=1\n\nSUSE Linux Enterprise Module for Legacy Software 15 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-2020-231=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"java-1_8_0-openjdk-src-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"java-1_8_0-openjdk-src-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"java-1_8_0-openjdk-src-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-3.30.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"java-1_8_0-openjdk-src-1.8.0.242-3.30.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:05:31", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\nUpdate java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968) :\n\n - CVE-2020-2583: Unlink Set of LinkedHashSets\n\n - CVE-2020-2590: Improve Kerberos interop capabilities\n\n - CVE-2020-2593: Normalize normalization for all\n\n - CVE-2020-2601: Better Ticket Granting Services\n\n - CVE-2020-2604: Better serial filter handling\n\n - CVE-2020-2659: Enhance datagram socket support\n\n - CVE-2020-2654: Improve Object Identifier Processing\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2020-147)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-147.NASL", "href": "https://www.tenable.com/plugins/nessus/133346", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-147.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133346);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2020-147)\");\n script_summary(english:\"Check for the openSUSE-2020-147 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\nUpdate java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0)\n(January 2020 CPU, bsc#1160968) :\n\n - CVE-2020-2583: Unlink Set of LinkedHashSets\n\n - CVE-2020-2590: Improve Kerberos interop capabilities\n\n - CVE-2020-2593: Normalize normalization for all\n\n - CVE-2020-2601: Better Ticket Granting Services\n\n - CVE-2020-2604: Better serial filter handling\n\n - CVE-2020-2659: Enhance datagram socket support\n\n - CVE-2020-2654: Improve Object Identifier Processing\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160968\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.242-lp151.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"java-1_8_0-openjdk-src-1.8.0.242-lp151.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:04:50", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\nUpdate java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968) :\n\nCVE-2020-2583: Unlink Set of LinkedHashSets\n\nCVE-2020-2590: Improve Kerberos interop capabilities\n\nCVE-2020-2593: Normalize normalization for all\n\nCVE-2020-2601: Better Ticket Granting Services\n\nCVE-2020-2604: Better serial filter handling\n\nCVE-2020-2659: Enhance datagram socket support\n\nCVE-2020-2654: Improve Object Identifier Processing\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:0261-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0261-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133390", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0261-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133390);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:0261-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\nUpdate java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0)\n(January 2020 CPU, bsc#1160968) :\n\nCVE-2020-2583: Unlink Set of LinkedHashSets\n\nCVE-2020-2590: Improve Kerberos interop capabilities\n\nCVE-2020-2593: Normalize normalization for all\n\nCVE-2020-2601: Better Ticket Granting Services\n\nCVE-2020-2604: Better serial filter handling\n\nCVE-2020-2659: Enhance datagram socket support\n\nCVE-2020-2654: Improve Object Identifier Processing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2590/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2593/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2604/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2659/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200261-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?302b8a54\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-261=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-261=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-261=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-261=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-261=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP1-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-261=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-261=1\n\nSUSE Linux Enterprise Desktop 12-SP4 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-261=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-261=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-261=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-demo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-devel-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.242-27.41.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.242-27.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:31:53", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0157 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-21T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.8.0-openjdk (RHSA-2020:0157)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-demo:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-headless:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-src:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_els:6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0157.NASL", "href": "https://www.tenable.com/plugins/nessus/133125", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0157. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133125);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0157\");\n\n script_name(english:\"RHEL 6 : java-1.8.0-openjdk (RHSA-2020:0157)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0157 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 172, 327, 471, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/6/6Client/i386/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/os',\n 'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/os',\n 'content/dist/rhel/client/6/6Client/i386/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/os',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/os',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/os',\n 'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/os',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/optional/debug',\n 'content/dist/rhel/server/6/6Server/i386/optional/os',\n 'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/os',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/os',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/os',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/os',\n 'content/els/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/os',\n 'content/els/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/os',\n 'content/els/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/debug',\n 'content/fastrack/rhel/client/6/i386/optional/debug',\n 'content/fastrack/rhel/client/6/i386/optional/os',\n 'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/os',\n 'content/fastrack/rhel/client/6/i386/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/os',\n 'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/os',\n 'content/fastrack/rhel/client/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/os',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/os',\n 'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/os',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/optional/debug',\n 'content/fastrack/rhel/server/6/i386/optional/os',\n 'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/server/6/x86_64/hpn/os',\n 'content/fastrack/rhel/server/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/optional/debug',\n 'content/fastrack/rhel/server/6/x86_64/optional/os',\n 'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/os',\n 'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/os',\n 'content/fastrack/rhel/workstation/6/i386/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b07-1.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b07-1.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:04:11", "description": "From Red Hat Security Advisory 2020:0157 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2020-0157)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-01-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2020-0157.NASL", "href": "https://www.tenable.com/plugins/nessus/133154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0157 and \n# Oracle Linux Security Advisory ELSA-2020-0157 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133154);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/24\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0157\");\n\n script_name(english:\"Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2020-0157)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0157 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization\nissues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-January/009534.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:05:28", "description": "Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200121)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133169", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133169);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS\n (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via\n jdk.serialFilter property modification (Serialization,\n 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in\n GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler causing URL\n normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in\n X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during\n deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets\n limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2001&L=SCIENTIFIC-LINUX-ERRATA&P=5025\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5769038\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b07-1.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b07-1.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:04:10", "description": "From Red Hat Security Advisory 2020:0196 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-0196)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-01-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-0196.NASL", "href": "https://www.tenable.com/plugins/nessus/133184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0196 and \n# Oracle Linux Security Advisory ELSA-2020-0196 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133184);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0196\");\n\n script_name(english:\"Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-0196)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0196 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization\nissues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-January/009537.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b08-0.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:04:44", "description": "From Red Hat Security Advisory 2020:0202 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-23T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2020-0202)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-01-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-0202.NASL", "href": "https://www.tenable.com/plugins/nessus/133186", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0202 and \n# Oracle Linux Security Advisory ELSA-2020-0202 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133186);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0202\");\n\n script_name(english:\"Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2020-0202)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0202 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checkum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization\nissues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-January/009541.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:09:00", "description": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2020-2583)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2020-2590 )\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2020-2593)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).(CVE-2020-2601)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).(CVE-2020-2604)\n\nVulnerability in the Java SE product of Oracle Java SE (component:\nLibraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2020-2654)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2020-2659)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1403)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-03-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1403.NASL", "href": "https://www.tenable.com/plugins/nessus/134678", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1403.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134678);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/23\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"ALAS\", value:\"2020-1403\");\n\n script_name(english:\"Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1403)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Serialization). Supported versions that are affected\nare Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to\nJava deployments, typically in clients running sandboxed Java Web\nStart applications or sandboxed Java applets (in Java SE 8), that load\nand run untrusted code (e.g., code that comes from the internet) and\nrely on the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2020-2583)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Security). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via Kerberos to compromise Java SE, Java SE\nEmbedded. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Java SE, Java\nSE Embedded accessible data. Note: This vulnerability applies to Java\ndeployments, typically in clients running sandboxed Java Web Start\napplications or sandboxed Java applets (in Java SE 8), that load and\nrun untrusted code (e.g., code that comes from the internet) and rely\non the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).(CVE-2020-2590 )\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Networking). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Java SE, Java\nSE Embedded accessible data as well as unauthorized read access to a\nsubset of Java SE, Java SE Embedded accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and\nIntegrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).(CVE-2020-2593)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Security). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via Kerberos to compromise Java SE, Java SE\nEmbedded. While the vulnerability is in Java SE, Java SE Embedded,\nattacks may significantly impact additional products. Successful\nattacks of this vulnerability can result in unauthorized access to\ncritical data or complete access to all Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 6.8\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).(CVE-2020-2601)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Serialization). Supported versions that are affected\nare Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\ntakeover of Java SE, Java SE Embedded. Note: This vulnerability\napplies to Java deployments, typically in clients running sandboxed\nJava Web Start applications or sandboxed Java applets (in Java SE 8),\nthat load and run untrusted code (e.g., code that comes from the\ninternet) and rely on the Java sandbox for security. This\nvulnerability can also be exploited by using APIs in the specified\nComponent, e.g., through a web service which supplies data to the\nAPIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).(CVE-2020-2604)\n\nVulnerability in the Java SE product of Oracle Java SE (component:\nLibraries). Supported versions that are affected are Java SE: 7u241,\n8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a partial denial of service\n(partial DOS) of Java SE. Note: This vulnerability can only be\nexploited by supplying data to APIs in the specified Component without\nusing Untrusted Java Web Start applications or Untrusted Java applets,\nsuch as through a web service. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2020-2654)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Networking). Supported versions that are affected are\nJava SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to\nexploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise Java SE, Java SE Embedded.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a partial denial of service (partial DOS) of Java SE,\nJava SE Embedded. Note: This vulnerability applies to Java\ndeployments, typically in clients running sandboxed Java Web Start\napplications or sandboxed Java applets (in Java SE 8), that load and\nrun untrusted code (e.g., code that comes from the internet) and rely\non the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2020-2659)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1403.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:47", "description": "Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-13T00:00:00", "type": "nessus", "title": "Debian DSA-4621-1 : openjdk-8 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-8", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4621.NASL", "href": "https://www.tenable.com/plugins/nessus/133658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4621. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133658);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"DSA\", value:\"4621\");\n\n script_name(english:\"Debian DSA-4621-1 : openjdk-8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the OpenJDK Java\nruntime, resulting in denial of service, incorrect implementation of\nKerberos GSSAPI and TGS requests or incorrect TLS handshakes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4621\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-8 packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 8u242-b08-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-dbg\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-demo\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-doc\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk-headless\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-headless\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-zero\", reference:\"8u242-b08-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-source\", reference:\"8u242-b08-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:12", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-19T00:00:00", "type": "nessus", "title": "CentOS 7 : java-1.7.0-openjdk (CESA-2020:0541)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-0541.NASL", "href": "https://www.tenable.com/plugins/nessus/133771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0541 and \n# CentOS Errata and Security Advisory 2020:0541 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133771);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0541\");\n\n script_name(english:\"CentOS 7 : java-1.7.0-openjdk (CESA-2020:0541)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL\nnormalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dcf18f6e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:26", "description": "From Red Hat Security Advisory 2020:0541 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-0541)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-0541.NASL", "href": "https://www.tenable.com/plugins/nessus/133782", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0541 and \n# Oracle Linux Security Advisory ELSA-2020-0541 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133782);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0541\");\n\n script_name(english:\"Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-0541)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0541 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL\nnormalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-February/009643.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.0.1.el7_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:34:13", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0541 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-19T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.7.0-openjdk (RHSA-2020:0541)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:7.7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-demo:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-src:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-headless:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.7:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0541.NASL", "href": "https://www.tenable.com/plugins/nessus/133784", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0541. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133784);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0541\");\n\n script_name(english:\"RHEL 7 : java-1.7.0-openjdk (RHSA-2020:0541)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0541 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 172, 327, 471, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:59", "description": "Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-19T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200218)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200218_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/133788", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133788);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS\n (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via\n jdk.serialFilter property modification (Serialization,\n 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in\n GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing\n URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in\n X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during\n deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets\n limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=8398\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73fa6831\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:09:50", "description": "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.(CVE-2020-2601)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.(CVE-2020-2654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-2590)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-2593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.(CVE-2020-2604)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2659)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2020-1395)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.8.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1395.NASL", "href": "https://www.tenable.com/plugins/nessus/135524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135524);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2020-1395)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.8.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u241, 8u231,\n 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via Kerberos to compromise Java SE,\n Java SE Embedded. While the vulnerability is in Java\n SE, Java SE Embedded, attacks may significantly impact\n additional products. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all Java SE, Java\n SE Embedded accessible data.(CVE-2020-2601)\n\n - Vulnerability in the Java SE product of Oracle Java SE\n (component: Libraries). Supported versions that are\n affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1.\n Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via\n multiple protocols to compromise Java SE. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE.(CVE-2020-2654)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Serialization). Supported\n versions that are affected are Java SE: 7u241, 8u231,\n 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE\n Embedded.(CVE-2020-2583)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u241, 8u231,\n 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via Kerberos to compromise Java SE,\n Java SE Embedded. Successful attacks of this\n vulnerability can result in unauthorized update, insert\n or delete access to some of Java SE, Java SE Embedded\n accessible data.(CVE-2020-2590)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Networking). Supported\n versions that are affected are Java SE: 7u241, 8u231,\n 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n Java SE, Java SE Embedded accessible data as well as\n unauthorized read access to a subset of Java SE, Java\n SE Embedded accessible data.(CVE-2020-2593)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Serialization). Supported\n versions that are affected are Java SE: 7u241, 8u231,\n 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful\n attacks of this vulnerability can result in takeover of\n Java SE, Java SE Embedded.(CVE-2020-2604)\n\n - Vulnerability in the Java SE, Java SE Embedded product\n of Oracle Java SE (component: Networking). Supported\n versions that are affected are Java SE: 7u241 and 8u231\n Java SE Embedded: 8u231. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a partial denial of service (partial DOS) of Java\n SE, Java SE Embedded.(CVE-2020-2659)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1395\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b893fe35\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.191.b12-0.h5\",\n \"java-1.8.0-openjdk-devel-1.8.0.191.b12-0.h5\",\n \"java-1.8.0-openjdk-headless-1.8.0.191.b12-0.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:13", "description": "From Red Hat Security Advisory 2020:0632 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-28T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2020-0632)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-03-06T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2020-0632.NASL", "href": "https://www.tenable.com/plugins/nessus/134143", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0632 and \n# Oracle Linux Security Advisory ELSA-2020-0632 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134143);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0632\");\n\n script_name(english:\"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2020-0632)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:0632 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL\nnormalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-February/009668.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.0.1.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.0.1.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:27:58", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0632 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-28T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.0-openjdk (RHSA-2020:0632)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-demo:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.7.0-openjdk-src:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_els:6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0632.NASL", "href": "https://www.tenable.com/plugins/nessus/134146", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0632. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134146);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0632\");\n\n script_name(english:\"RHEL 6 : java-1.7.0-openjdk (RHSA-2020:0632)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0632 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 172, 327, 471, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/6/6Client/i386/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/os',\n 'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/os',\n 'content/dist/rhel/client/6/6Client/i386/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/os',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/os',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/os',\n 'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/os',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/optional/debug',\n 'content/dist/rhel/server/6/6Server/i386/optional/os',\n 'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/os',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/os',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/os',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/os',\n 'content/els/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/os',\n 'content/els/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/os',\n 'content/els/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/debug',\n 'content/fastrack/rhel/client/6/i386/optional/debug',\n 'content/fastrack/rhel/client/6/i386/optional/os',\n 'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/os',\n 'content/fastrack/rhel/client/6/i386/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/os',\n 'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/os',\n 'content/fastrack/rhel/client/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/os',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/os',\n 'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/os',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/optional/debug',\n 'content/fastrack/rhel/server/6/i386/optional/os',\n 'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/server/6/x86_64/hpn/os',\n 'content/fastrack/rhel/server/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/optional/debug',\n 'content/fastrack/rhel/server/6/x86_64/optional/os',\n 'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/os',\n 'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/os',\n 'content/fastrack/rhel/workstation/6/i386/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:10", "description": "Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200227)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-03-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200227_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/134149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134149);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200227)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS\n (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via\n jdk.serialFilter property modification (Serialization,\n 8231422) (CVE-2020-2604)\n\n - OpenJDK: Improper checks of SASL message properties in\n GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing\n URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Excessive memory usage in OID processing in\n X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incorrect exception processing during\n deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets\n limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=11285\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc3f8a9d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:44", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0202 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : java-1.8.0-openjdk (CESA-2020:0202)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src"], "id": "CENTOS8_RHSA-2020-0202.NASL", "href": "https://www.tenable.com/plugins/nessus/145869", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:0202. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145869);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0202\");\n\n script_name(english:\"CentOS 8 : java-1.8.0-openjdk (CESA-2020:0202)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:0202 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0202\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:21:36", "description": "The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.70 / 7.1 < 7.1.4.70 / 8.0 < 8.0.6.15. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 14 2020 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2590)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2601)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2604)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2020-2654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "IBM Java 7.0 < 7.0.10.70 / 7.1 < 7.1.4.70 / 8.0 < 8.0.6.15 Multiple Vulnerabilities (Jan 14, 2020)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2022-10-25T00:00:00", "cpe": ["cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*"], "id": "IBM_JAVA_2020_01_14.NASL", "href": "https://www.tenable.com/plugins/nessus/160340", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160340);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/25\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0023-S\");\n\n script_name(english:\"IBM Java 7.0 < 7.0.10.70 / 7.1 < 7.1.4.70 / 8.0 < 8.0.6.15 Multiple Vulnerabilities (Jan 14, 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"IBM Java is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.70 / 7.1 < 7.1.4.70 / 8.0 < 8.0.6.15. It\nis, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 14 2020 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2583)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2590)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well\n as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2593)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported\n versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to\n compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2601)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded:\n 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through\n a web service which supplies data to the APIs. (CVE-2020-2604)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the\n specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as\n through a web service. (CVE-2020-2654)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ22356\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ22357\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ22358\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ22359\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ22978\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ26763\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ26764\");\n # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#Oracle_January_14_2020_CPU\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70ffbfe9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/5736807\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oracle January 14 2020 CPU advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_java_nix_installed.nbin\", \"ibm_java_win_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['IBM Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.70' },\n { 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.70' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.0.6.15' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:07:24", "description": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2020-2593)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-2590)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). (CVE-2020-2601)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2583)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-2604)\n\nVulnerability in the Java SE product of Oracle Java SE (component:\nLibraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2020-2654)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2659)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1396)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1396.NASL", "href": "https://www.tenable.com/plugins/nessus/133868", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1396.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133868);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"ALAS\", value:\"2020-1396\");\n\n script_name(english:\"Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1396)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Networking). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Java SE, Java\nSE Embedded accessible data as well as unauthorized read access to a\nsubset of Java SE, Java SE Embedded accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and\nIntegrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2020-2593)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Security). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via Kerberos to compromise Java SE, Java SE\nEmbedded. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Java SE, Java\nSE Embedded accessible data. Note: This vulnerability applies to Java\ndeployments, typically in clients running sandboxed Java Web Start\napplications or sandboxed Java applets (in Java SE 8), that load and\nrun untrusted code (e.g., code that comes from the internet) and rely\non the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-2590)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Security). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via Kerberos to compromise Java SE, Java SE\nEmbedded. While the vulnerability is in Java SE, Java SE Embedded,\nattacks may significantly impact additional products. Successful\nattacks of this vulnerability can result in unauthorized access to\ncritical data or complete access to all Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 6.8\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). (CVE-2020-2601)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Serialization). Supported versions that are affected\nare Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to\nJava deployments, typically in clients running sandboxed Java Web\nStart applications or sandboxed Java applets (in Java SE 8), that load\nand run untrusted code (e.g., code that comes from the internet) and\nrely on the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2583)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Serialization). Supported versions that are affected\nare Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\ntakeover of Java SE, Java SE Embedded. Note: This vulnerability\napplies to Java deployments, typically in clients running sandboxed\nJava Web Start applications or sandboxed Java applets (in Java SE 8),\nthat load and run untrusted code (e.g., code that comes from the\ninternet) and rely on the Java sandbox for security. This\nvulnerability can also be exploited by using APIs in the specified\nComponent, e.g., through a web service which supplies data to the\nAPIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-2604)\n\nVulnerability in the Java SE product of Oracle Java SE (component:\nLibraries). Supported versions that are affected are Java SE: 7u241,\n8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a partial denial of service\n(partial DOS) of Java SE. Note: This vulnerability can only be\nexploited by supplying data to APIs in the specified Component without\nusing Untrusted Java Web Start applications or Untrusted Java applets,\nsuch as through a web service. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2020-2654)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Networking). Supported versions that are affected are\nJava SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to\nexploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise Java SE, Java SE Embedded.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a partial denial of service (partial DOS) of Java SE,\nJava SE Embedded. Note: This vulnerability applies to Java\ndeployments, typically in clients running sandboxed Java Web Start\napplications or sandboxed Java applets (in Java SE 8), that load and\nrun untrusted code (e.g., code that comes from the internet) and rely\non the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2659)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1396.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.8.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:33:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0202 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-23T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0202)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-demo:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-headless:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-src:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0202.NASL", "href": "https://www.tenable.com/plugins/nessus/133190", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0202. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133190);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0202\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-openjdk (RHSA-2020:0202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0202 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 172, 327, 471, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:31:52", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0196 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.8.0-openjdk (RHSA-2020:0196)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:7.7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-demo:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-headless:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-src:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.7:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-0196.NASL", "href": "https://www.tenable.com/plugins/nessus/133167", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0196. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133167);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-2583\",\n \"CVE-2020-2590\",\n \"CVE-2020-2593\",\n \"CVE-2020-2601\",\n \"CVE-2020-2604\",\n \"CVE-2020-2654\",\n \"CVE-2020-2659\"\n );\n script_xref(name:\"RHSA\", value:\"2020:0196\");\n\n script_name(english:\"RHEL 7 : java-1.8.0-openjdk (RHSA-2020:0196)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0196 advisory.\n\n - OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization,\n 8224909) (CVE-2020-2583)\n\n - OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n - OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)\n (CVE-2020-2593)\n\n - OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n - OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)\n (CVE-2020-2604)\n\n - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n (CVE-2020-2654)\n\n - OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)\n (CVE-2020-2659)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1790944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1791284\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 172, 327, 471, 770);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.242.b08-0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-debug-1.8.0.242.b08-0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.242.b08-0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.242.b08-0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.242.b08-0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-debug-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-1.8.0.242.b08-0.el7_7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-openjdk-src-debug-1.8.0.242.b08-0.el7_7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:07:20", "description": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.\nSuccessful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2659)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2583)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-2604)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2020-2593)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). (CVE-2020-2601)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-2590)\n\nVulnerability in the Java SE product of Oracle Java SE (component:\nLibraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2020-2654)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-24T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2020-1345)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-02-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1345.NASL", "href": "https://www.tenable.com/plugins/nessus/133871", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1345.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133871);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"ALAS\", value:\"2020-1345\");\n\n script_name(english:\"Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2020-1345)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Networking). Supported versions that are affected are\nJava SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to\nexploit vulnerability allows unauthenticated attacker with network\naccess via multiple protocols to compromise Java SE, Java SE Embedded.\nSuccessful attacks of this vulnerability can result in unauthorized\nability to cause a partial denial of service (partial DOS) of Java SE,\nJava SE Embedded. Note: This vulnerability applies to Java\ndeployments, typically in clients running sandboxed Java Web Start\napplications or sandboxed Java applets (in Java SE 8), that load and\nrun untrusted code (e.g., code that comes from the internet) and rely\non the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2659)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Serialization). Supported versions that are affected\nare Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to\nJava deployments, typically in clients running sandboxed Java Web\nStart applications or sandboxed Java applets (in Java SE 8), that load\nand run untrusted code (e.g., code that comes from the internet) and\nrely on the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2583)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Serialization). Supported versions that are affected\nare Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\ntakeover of Java SE, Java SE Embedded. Note: This vulnerability\napplies to Java deployments, typically in clients running sandboxed\nJava Web Start applications or sandboxed Java applets (in Java SE 8),\nthat load and run untrusted code (e.g., code that comes from the\ninternet) and rely on the Java sandbox for security. This\nvulnerability can also be exploited by using APIs in the specified\nComponent, e.g., through a web service which supplies data to the\nAPIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and\nAvailability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2020-2604)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Networking). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via multiple protocols to compromise Java SE, Java\nSE Embedded. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Java SE, Java\nSE Embedded accessible data as well as unauthorized read access to a\nsubset of Java SE, Java SE Embedded accessible data. Note: This\nvulnerability applies to Java deployments, typically in clients\nrunning sandboxed Java Web Start applications or sandboxed Java\napplets (in Java SE 8), that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability can also be exploited by using APIs in\nthe specified Component, e.g., through a web service which supplies\ndata to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and\nIntegrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2020-2593)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Security). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via Kerberos to compromise Java SE, Java SE\nEmbedded. While the vulnerability is in Java SE, Java SE Embedded,\nattacks may significantly impact additional products. Successful\nattacks of this vulnerability can result in unauthorized access to\ncritical data or complete access to all Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets (in Java SE 8), that load and run untrusted\ncode (e.g., code that comes from the internet) and rely on the Java\nsandbox for security. This vulnerability can also be exploited by\nusing APIs in the specified Component, e.g., through a web service\nwhich supplies data to the APIs. CVSS 3.0 Base Score 6.8\n(Confidentiality impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). (CVE-2020-2601)\n\nVulnerability in the Java SE, Java SE Embedded product of Oracle Java\nSE (component: Security). Supported versions that are affected are\nJava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231.\nDifficult to exploit vulnerability allows unauthenticated attacker\nwith network access via Kerberos to compromise Java SE, Java SE\nEmbedded. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Java SE, Java\nSE Embedded accessible data. Note: This vulnerability applies to Java\ndeployments, typically in clients running sandboxed Java Web Start\napplications or sandboxed Java applets (in Java SE 8), that load and\nrun untrusted code (e.g., code that comes from the internet) and rely\non the Java sandbox for security. This vulnerability can also be\nexploited by using APIs in the specified Component, e.g., through a\nweb service which supplies data to the APIs. CVSS 3.0 Base Score 3.7\n(Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). (CVE-2020-2590)\n\nVulnerability in the Java SE product of Oracle Java SE (component:\nLibraries). Supported versions that are affected are Java SE: 7u241,\n8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE. Successful attacks of this vulnerability can\nresult in unauthorized ability to cause a partial denial of service\n(partial DOS) of Java SE. Note: This vulnerability can only be\nexploited by supplying data to APIs in the specified Component without\nusing Untrusted Java Web Start applications or Untrusted Java applets,\nsuch as through a web service. CVSS 3.0 Base Score 3.7 (Availability\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).\n(CVE-2020-2654)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1345.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.8.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-demo-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-devel-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-headless-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.242.b08-0.50.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-src-1.8.0.242.b08-0.50.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:06:47", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-28T00:00:00", "type": "nessus", "title": "CentOS 6 : java-1.7.0-openjdk (CESA-2020:0632)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2020-03-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2020-0632.NASL", "href": "https://www.tenable.com/plugins/nessus/134123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:0632 and \n# CentOS Errata and Security Advisory 2020:0632 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134123);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n script_xref(name:\"RHSA\", value:\"2020:0632\");\n\n script_name(english:\"CentOS 6 : java-1.7.0-openjdk (CESA-2020:0632)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security,\n8229951) (CVE-2020-2601)\n\n* OpenJDK: Serialization filter changes via jdk.serialFilter property\nmodification (Serialization, 8231422) (CVE-2020-2604)\n\n* OpenJDK: Improper checks of SASL message properties in GssKrb5Base\n(Security, 8226352) (CVE-2020-2590)\n\n* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL\nnormalization issues (Networking, 8228548) (CVE-2020-2593)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509\ncertificate parsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Incorrect exception processing during deserialization in\nBeanContextSupport (Serialization, 8224909) (CVE-2020-2583)\n\n* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in\nDatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-February/035651.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a26e77f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el6_10\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:08:40", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\nUpdate java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968) :\n\nCVE-2020-2583: Unlink Set of LinkedHashSets\n\nCVE-2020-2590: Improve Kerberos interop capabilities\n\nCVE-2020-2593: Normalize normalization for all\n\nCVE-2020-2601: Better Ticket Granting Services\n\nCVE-2020-2604: Better serial filter handling\n\nCVE-2020-2659: Enhance datagram socket support\n\nCVE-2020-2654: Improve Object Identifier Processing\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2020:0628-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0628-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134399", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0628-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134399);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-2583\", \"CVE-2020-2590\", \"CVE-2020-2593\", \"CVE-2020-2601\", \"CVE-2020-2604\", \"CVE-2020-2654\", \"CVE-2020-2659\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2020:0628-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\nUpdate java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU,\nbsc#1160968) :\n\nCVE-2020-2583: Unlink Set of LinkedHashSets\n\nCVE-2020-2590: Improve Kerberos interop capabilities\n\nCVE-2020-2593: Normalize normalization for all\n\nCVE-2020-2601: Better Ticket Granting Services\n\nCVE-2020-2604: Better serial filter handling\n\nCVE-2020-2659: Enhance datagram socket support\n\nCVE-2020-2654: Improve Object Identifier Processing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2590/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2593/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2604/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-2659/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200628-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2c325e5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2020-628=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2020-628=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2020-628=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2020-628=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2020-628=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2020-628=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2020-628=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2020-628=1\n\nSUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2020-628=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2020-628=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-demo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-devel-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-headless-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-demo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-devel-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-headless-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-headless-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.251-43.35.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"java-1_7_0-openjdk-1.7.0.251-43.35.1\")) flag++;\nif (rp