Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2023-1696.NASL
HistoryApr 12, 2023 - 12:00 a.m.

Oracle Linux 9 : haproxy (ELSA-2023-1696)

2023-04-1200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1696 advisory.

  • HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka request smuggling. The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. (CVE-2023-25725)

  • An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. (CVE-2023-0056)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2023-1696.
##

include('compat.inc');

if (description)
{
  script_id(174143);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/19");

  script_cve_id("CVE-2023-0056", "CVE-2023-25725");

  script_name(english:"Oracle Linux 9 : haproxy (ELSA-2023-1696)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the
ELSA-2023-1696 advisory.

  - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in
    some situations, aka request smuggling. The HTTP header parsers in HAProxy may accept empty header field
    names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after
    being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because
    the headers disappear before being parsed and processed, as if they had not been sent by the client. The
    fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. (CVE-2023-25725)

  - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the
    service. This issue could allow an authenticated remote attacker to run a specially crafted malicious
    server in an OpenShift cluster. The biggest impact is to availability. (CVE-2023-0056)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2023-1696.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected haproxy package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25725");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:haproxy");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var pkgs = [
    {'reference':'haproxy-2.4.17-3.el9_1.2', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'haproxy-2.4.17-3.el9_1.2', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'haproxy');
}
VendorProductVersionCPE
oraclelinux9cpe:/o:oracle:linux:9
oraclelinuxhaproxyp-cpe:/a:oracle:linux:haproxy

Related

nessus 25
openvas 14
almalinux 1
osv 8
redhat 13
debian 2
fedora 2
oraclelinux 1
debiancve 2
wolfi 2
veracode 2
redos 1
prion 2
cbl_mariner 2
cgr 2
cve 2
ubuntucve 2
redhatcve 2
ubuntu 2
rosalinux 1
photon 5
ibm 2
nessus
nessus
RHEL 9 : haproxy (RHSA-2023:1696)
2023-04-11 00:00:00
SUSE SLES15 Security Update : haproxy (SUSE-SU-2023:0412-1)
2023-02-15 00:00:00
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2293)
2023-07-04 00:00:00
openvas
openvas
Fedora: Security Advisory for haproxy (FEDORA-2023-3e8a21cd5b)
2023-02-26 00:00:00
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2293)
2023-07-04 00:00:00
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2269)
2023-07-04 00:00:00
almalinux
almalinux
Moderate: haproxy security update
2023-04-11 00:00:00
osv
osv
Moderate: haproxy security update
2023-04-11 00:00:00
haproxy - security update
2023-02-14 00:00:00
BIT-haproxy-2023-25725
2024-03-06 10:53:39
redhat
redhat
(RHSA-2023:1978) Moderate: haproxy security update
2023-04-25 09:58:09
(RHSA-2023:1696) Moderate: haproxy security update
2023-04-11 13:44:23
(RHSA-2023:1268) Moderate: OpenShift Container Platform 4.12.8 security update
2023-03-21 11:41:03
debian
debian
[SECURITY] [DSA 5348-1] haproxy security update
2023-02-14 16:20:20
[SECURITY] [DLA 3318-1] haproxy security update
2023-02-14 18:04:30
fedora
fedora
[SECURITY] Fedora 37 Update: haproxy-2.6.9-1.fc37
2023-02-25 03:44:10
[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36
2023-02-25 04:02:52
oraclelinux
oraclelinux
haproxy security update
2023-04-11 00:00:00
debiancve
debiancve
CVE-2023-25725
2023-02-14 19:15:11
CVE-2023-0056
2023-03-23 21:15:19
wolfi
wolfi
CVE-2023-25725 vulnerabilities
2024-04-28 03:51:41
CVE-2023-0056 vulnerabilities
2024-04-28 03:51:41
veracode
veracode
Privilege Escalation
2023-02-25 20:47:07
Denial Of Service (DoS)
2023-01-24 20:56:42
redos
redos
ROS-20230620-03
2023-06-20 00:00:00
prion
prion
Improper access control
2023-02-14 19:15:00
Denial of service
2023-03-23 21:15:00
cbl_mariner
cbl_mariner
CVE-2023-25725 affecting package haproxy 2.4.13-1
2023-03-02 21:45:55
CVE-2023-25725 affecting package haproxy 2.1.5-1
2023-06-27 21:25:25
cgr
cgr
CVE-2023-25725 vulnerabilities
2024-04-28 03:20:57
CVE-2023-0056 vulnerabilities
2024-04-28 03:20:57
cve
cve
CVE-2023-25725
2023-02-14 19:15:11
CVE-2023-0056
2023-03-23 21:15:19
ubuntucve
ubuntucve
CVE-2023-25725
2023-02-14 00:00:00
CVE-2023-0056
2023-01-18 00:00:00
redhatcve
redhatcve
CVE-2023-25725
2023-02-14 17:57:00
CVE-2023-0056
2023-01-13 19:35:04
ubuntu
ubuntu
HAProxy vulnerability
2023-02-14 00:00:00
HAProxy vulnerability
2023-01-23 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2400
2024-04-17 13:35:24
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0566
2023-04-10 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0350
2023-03-07 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0373
2023-04-10 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
2024-01-09 20:33:04
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
2024-01-17 15:30:59
JSON
Related for ORACLELINUX_ELSA-2023-1696.NASL
nessus25openvas14almalinux1osv8redhat13debian2fedora2oraclelinux1debiancve2wolfi2veracode2redos1prion2cbl_mariner2cgr2cve2ubuntucve2redhatcve2ubuntu2rosalinux1photon5ibm2