Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)
2020-07-17T00:00:00
ID ORACLE_WEBLOGIC_SERVER_CPU_JUL_2020.NASL Type nessus Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-07-17T00:00:00
Description
The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in
the July 2020 CPU advisory.
A vulnerability Centralized Thirdparty Jars (jackson-databind) exists. An unauthenticated, remote attacker
can exploit this issue via the HTTP protocol to takeover the Oracle WebLogic Server. (CVE-2020-9546)
A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue
via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14687)
A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue
via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14645)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number. Also note that Oracle recommends applying ADR patches for the security issues documented here. Please see the
applicable ADR Patch note for more information on the applicability of this patch.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138592);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/21");
script_cve_id(
"CVE-2017-5645",
"CVE-2018-11058",
"CVE-2020-2966",
"CVE-2020-2967",
"CVE-2020-5398",
"CVE-2020-9546",
"CVE-2020-14557",
"CVE-2020-14572",
"CVE-2020-14588",
"CVE-2020-14589",
"CVE-2020-14622",
"CVE-2020-14625",
"CVE-2020-14644",
"CVE-2020-14645",
"CVE-2020-14652",
"CVE-2020-14687"
);
script_bugtraq_id(97702, 108106);
script_xref(name:"IAVA", value:"2020-A-0327");
script_name(english:"Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in
the July 2020 CPU advisory.
- A vulnerability Centralized Thirdparty Jars (jackson-databind) exists. An unauthenticated, remote attacker
can exploit this issue via the HTTP protocol to takeover the Oracle WebLogic Server. (CVE-2020-9546)
- A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue
via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14687)
- A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue
via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14645)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number. Also note that Oracle recommends applying ADR patches for the security issues documented here. Please see the
applicable ADR Patch note for more information on the applicability of this patch.");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpujul2020cvrf.xml");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2020.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5398");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:weblogic_server");
script_set_attribute(attribute:"agent", value:"all");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("oracle_weblogic_server_installed.nbin", "os_fingerprint.nasl");
script_require_keys("installed_sw/Oracle WebLogic Server");
exit(0);
}
include('audit.inc');
include('install_func.inc');
app_name = 'Oracle WebLogic Server';
os = get_kb_item_or_exit('Host/OS');
if ('windows' >< tolower(os))
{
port = get_kb_item('SMB/transport');
if (!port) port = 445;
}
else port = 0;
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
fix = NULL;
fix_ver = NULL;
if (version =~ "^14\.1\.1\.")
{
fix_ver = '14.1.1.0.200624';
fix = make_list('31532352');
}
if (version =~ "^12\.2\.1\.4($|[^0-9])")
{
fix_ver = '12.2.1.4.200624';
fix = make_list('31537019', '31544353');
}
else if (version =~ "^12\.2\.1\.3($|[^0-9])")
{
fix_ver = '12.2.1.3.200624';
fix = make_list('31535411', '31544340');
}
else if (version =~ "^12\.1\.3\.")
{
fix_ver = '12.1.3.0.200714';
fix = make_list('31178516', '31544363');
}
else if (version =~ "^10\.3\.6\.")
{
fix_ver = '10.3.6.0.200714';
fix = make_list('I37G', '31241365 (WX4Q / JFJY / EZTP / YLB6 / NQ12 / CW7X / TYIA / RGT7 / KKLY / YQFU / A14T)');
}
if (isnull(fix_ver) || ver_compare(ver:version, fix:fix_ver, strict:FALSE) >= 0)
audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install['path']);
else {
report =
'\n Oracle Home : ' + install['Oracle Home'] +
'\n Install path : ' + install['path'] +
'\n Version : ' + version +
'\n Fixes : ' + join(sep:', ', fix);
security_report_v4(extra:report, severity:SECURITY_HOLE, port:port);
}
{"id": "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2020.NASL", "bulletinFamily": "scanner", "title": "Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)", "description": "The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in\nthe July 2020 CPU advisory.\n\n - A vulnerability Centralized Thirdparty Jars (jackson-databind) exists. An unauthenticated, remote attacker\n can exploit this issue via the HTTP protocol to takeover the Oracle WebLogic Server. (CVE-2020-9546)\n\n - A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue\n via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14687)\n\n - A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue\n via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14645)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber. Also note that Oracle recommends applying ADR patches for the security issues documented here. Please see the\napplicable ADR Patch note for more information on the applicability of this patch.", "published": "2020-07-17T00:00:00", "modified": "2020-07-17T00:00:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/138592", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.oracle.com/a/tech/docs/cpujul2020cvrf.xml", "https://www.oracle.com/security-alerts/cpujul2020.html"], "cvelist": ["CVE-2020-2967", "CVE-2020-14572", "CVE-2020-14687", "CVE-2020-14625", "CVE-2020-14622", "CVE-2020-14589", "CVE-2020-14645", "CVE-2020-14652", "CVE-2020-2966", "CVE-2020-14644", "CVE-2018-11058", "CVE-2020-14557", "CVE-2017-5645", "CVE-2020-14588", "CVE-2020-5398", "CVE-2020-9546"], "type": "nessus", "lastseen": "2020-09-22T08:47:49", "edition": 7, "viewCount": 273, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-14652", "CVE-2020-14589", "CVE-2020-14645", "CVE-2020-14622", "CVE-2020-14572", "CVE-2020-14588", "CVE-2020-14687", "CVE-2020-14557", "CVE-2020-14644", "CVE-2020-9546"]}, {"type": "f5", "idList": ["F5:K23173103"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-12196"]}, {"type": "symantec", "idList": ["SMNTC-97702"]}, {"type": "seebug", "idList": ["SSV:92965"]}, {"type": "nessus", "idList": ["SL_20170807_LOG4J_ON_SL7_X.NASL", "FEDORA_2017-511EBFA8A3.NASL", "ORACLE_ACCESS_MANAGER_CPU_OCT_2020.NASL", "ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_JAN_2019.NASL", "SPRING_CVE-2020-5398.NASL", "EULEROS_SA-2017-1213.NASL", "FEDORA_2017-11EDC0D6C3.NASL", "FEDORA_2017-7E0FF7F73A.NASL", "ORACLE_RUEI_CPU_APR_2020.NASL", "EULEROS_SA-2017-1214.NASL"]}, {"type": "ptsecurity", "idList": ["PT-2020-09", "PT-2020-07"]}, {"type": "github", "idList": ["GHSA-8WX2-9Q48-VM9R", "GHSA-FXPH-Q3J8-MV87", "GHSA-5P34-5M6P-P58G"]}, {"type": "zdi", "idList": ["ZDI-20-885"]}, {"type": "redhat", "idList": ["RHSA-2017:2637", "RHSA-2017:2423", "RHSA-2017:2888", "RHSA-2017:2889", "RHSA-2017:1417", "RHSA-2017:2636", "RHSA-2017:2638", "RHSA-2017:2635", "RHSA-2017:3400", "RHSA-2017:3399"]}, {"type": "myhack58", "idList": ["MYHACK58:62201785372", "MYHACK58:62201785395"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2423"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872759", "OPENVAS:1361412562310892135", "OPENVAS:1361412562310814409", "OPENVAS:1361412562310872638", "OPENVAS:1361412562310872637", "OPENVAS:1361412562311220171214", "OPENVAS:1361412562310872757", "OPENVAS:1361412562311220171213", "OPENVAS:1361412562310871877"]}, {"type": "centos", "idList": ["CESA-2017:2423"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2135-1:92903"]}, {"type": "attackerkb", "idList": ["AKB:FB2F65B2-D10B-4622-AEE6-41AAD3C1E6E7"]}], "modified": "2020-09-22T08:47:49", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2020-09-22T08:47:49", "rev": 2}, "vulnersScore": 7.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138592);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\n \"CVE-2017-5645\",\n \"CVE-2018-11058\",\n \"CVE-2020-2966\",\n \"CVE-2020-2967\",\n \"CVE-2020-5398\",\n \"CVE-2020-9546\",\n \"CVE-2020-14557\",\n \"CVE-2020-14572\",\n \"CVE-2020-14588\",\n \"CVE-2020-14589\",\n \"CVE-2020-14622\",\n \"CVE-2020-14625\",\n \"CVE-2020-14644\",\n \"CVE-2020-14645\",\n \"CVE-2020-14652\",\n \"CVE-2020-14687\"\n );\n script_bugtraq_id(97702, 108106);\n script_xref(name:\"IAVA\", value:\"2020-A-0327\");\n\n script_name(english:\"Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in\nthe July 2020 CPU advisory.\n\n - A vulnerability Centralized Thirdparty Jars (jackson-databind) exists. An unauthenticated, remote attacker\n can exploit this issue via the HTTP protocol to takeover the Oracle WebLogic Server. (CVE-2020-9546)\n\n - A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue\n via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14687)\n\n - A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue\n via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14645)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber. Also note that Oracle recommends applying ADR patches for the security issues documented here. Please see the\napplicable ADR Patch note for more information on the applicability of this patch.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujul2020cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2020 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_weblogic_server_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Oracle WebLogic Server\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('install_func.inc');\n\napp_name = 'Oracle WebLogic Server';\n\nos = get_kb_item_or_exit('Host/OS');\nif ('windows' >< tolower(os))\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n}\nelse port = 0;\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\n\nfix = NULL;\nfix_ver = NULL;\n\nif (version =~ \"^14\\.1\\.1\\.\")\n{\n fix_ver = '14.1.1.0.200624';\n fix = make_list('31532352');\n}\n\nif (version =~ \"^12\\.2\\.1\\.4($|[^0-9])\")\n{\n fix_ver = '12.2.1.4.200624';\n fix = make_list('31537019', '31544353');\n}\n\nelse if (version =~ \"^12\\.2\\.1\\.3($|[^0-9])\")\n{\n fix_ver = '12.2.1.3.200624';\n fix = make_list('31535411', '31544340');\n}\nelse if (version =~ \"^12\\.1\\.3\\.\")\n{\n fix_ver = '12.1.3.0.200714';\n fix = make_list('31178516', '31544363');\n}\nelse if (version =~ \"^10\\.3\\.6\\.\")\n{\n fix_ver = '10.3.6.0.200714';\n fix = make_list('I37G', '31241365 (WX4Q / JFJY / EZTP / YLB6 / NQ12 / CW7X / TYIA / RGT7 / KKLY / YQFU / A14T)');\n}\n\nif (isnull(fix_ver) || ver_compare(ver:version, fix:fix_ver, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install['path']);\n\nelse {\n report =\n '\\n Oracle Home : ' + install['Oracle Home'] +\n '\\n Install path : ' + install['path'] +\n '\\n Version : ' + version +\n '\\n Fixes : ' + join(sep:', ', fix);\n security_report_v4(extra:report, severity:SECURITY_HOLE, port:port);\n}\n", "naslFamily": "Misc.", "pluginID": "138592", "cpe": ["cpe:/a:oracle:weblogic_server", "cpe:/a:oracle:fusion_middleware"], "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14589", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14589"], "modified": "2020-07-20T18:35:00", "cpe": ["cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14589", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14589", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.2}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14588", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14588"], "modified": "2020-07-21T03:07:00", "cpe": ["cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14588", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14588", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14572", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14572"], "modified": "2020-07-17T20:37:00", "cpe": ["cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0"], "id": "CVE-2020-14572", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14572", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14557", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14557"], "modified": "2020-07-21T03:04:00", "cpe": ["cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14557", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14557", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14687", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14687"], "modified": "2020-07-20T17:52:00", "cpe": ["cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14687", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14687", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14645", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14645"], "modified": "2020-07-20T17:05:00", "cpe": ["cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14645", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14645", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14652", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14652"], "modified": "2020-07-20T17:39:00", "cpe": ["cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14652", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).", "edition": 4, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14622", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14622"], "modified": "2020-07-20T14:52:00", "cpe": ["cpe:/a:oracle:weblogic_server:10.3.6.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14622", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14622", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:55:50", "description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-15T18:15:00", "title": "CVE-2020-14644", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14644"], "modified": "2020-07-20T17:03:00", "cpe": ["cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0"], "id": "CVE-2020-14644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14644", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-01-21T14:33:17", "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "edition": 17, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-02T04:15:00", "title": "CVE-2020-9546", "type": "cve", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9546"], "modified": "2021-01-20T15:15:00", "cpe": [], "id": "CVE-2020-9546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "f5": [{"lastseen": "2019-06-28T14:42:35", "bulletinFamily": "software", "cvelist": ["CVE-2017-5645"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2018-02-01T03:02:00", "published": "2018-02-01T02:53:00", "id": "F5:K23173103", "href": "https://support.f5.com/csp/article/K23173103", "title": "log4j vulnerability CVE-2017-5645", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2020-12-24T14:35:31", "bulletinFamily": "software", "cvelist": ["CVE-2020-5398"], "description": "h3. Issue Summary\r\n\r\nSecurity vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan.\r\nh3. Description\r\n\r\nPlugin: Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability.\r\n\r\n!spring1.PNG|thumbnail!", "edition": 33, "modified": "2020-07-07T21:20:24", "published": "2020-02-17T06:00:21", "id": "ATLASSIAN:BSERV-12196", "href": "https://jira.atlassian.com/browse/BSERV-12196", "title": "Spring Framework Vulnerability - CVE-2020-5398", "type": "atlassian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2019-10-16T10:31:06", "bulletinFamily": "software", "cvelist": ["CVE-2017-5645"], "description": "### Description\n\nApache Log4j is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j 2.0-alpha1 through 2.8.1 are vulnerable.\n\n### Technologies Affected\n\n * Apache Log4j 2.0 Beta1 \n * Apache Log4j 2.0 Beta2 \n * Apache Log4j 2.0 Beta4 \n * Apache Log4j 2.0 RC1 \n * Apache Log4j 2.0 RC2 \n * Apache Log4j 2.0 alpha2 \n * Apache Log4j 2.0 beta3 \n * Apache Log4j 2.0 beta5 \n * Apache Log4j 2.0 beta6 \n * Apache Log4j 2.0 beta7 \n * Apache Log4j 2.0 beta8 \n * Apache Log4j 2.0 beta9 \n * Apache Log4j 2.0-alpha1 \n * Apache Log4j 2.0.1 \n * Apache Log4j 2.0.2 \n * Apache Log4j 2.1 \n * Apache Log4j 2.2 \n * Apache Log4j 2.3 \n * Apache Log4j 2.4 \n * Apache Log4j 2.4.1 \n * Apache Log4j 2.5 \n * Apache Log4j 2.6 \n * Apache Log4j 2.6.1 \n * Apache Log4j 2.6.2 \n * Apache Log4j 2.7 \n * Apache Log4j 2.8 \n * Apache Log4j 2.8.1 \n * Oracle API Gateway 11.1.2.4.0 \n * Oracle Agile Engineering Data Management 6.1.3 \n * Oracle Agile Engineering Data Management 6.2.0 \n * Oracle Agile Engineering Data Management 6.2.1 \n * Oracle Agile Material and Equipment Management for Pharmaceuticals 9.3.3 \n * Oracle Agile Material and Equipment Management for Pharmaceuticals 9.3.4 \n * Oracle Agile PLM 9.3.3 \n * Oracle Agile PLM 9.3.4 \n * Oracle Agile PLM 9.3.5 \n * Oracle Agile PLM 9.3.6 \n * Oracle Agile PLM MCAD Connector 3.3 \n * Oracle Agile PLM MCAD Connector 3.4 \n * Oracle Agile PLM MCAD Connector 3.5 \n * Oracle Agile PLM MCAD Connector 3.6 \n * Oracle Application Testing Suite 12.5.0.3 \n * Oracle Application Testing Suite 13.1.0.1 \n * Oracle Application Testing Suite 13.2.0.1 \n * Oracle Autovue for Agile Product Lifecycle Management 21.0.0 \n * Oracle Autovue for Agile Product Lifecycle Management 21.0.1 \n * Oracle BI Publisher 11.1.1.7.0 \n * Oracle BI Publisher 11.1.1.9.0 \n * Oracle BI Publisher 12.2.1.3.0 \n * Oracle BI Publisher 12.2.1.4.0 \n * Oracle Big Data Discovery 1.6.0 \n * Oracle Business Intelligence Data Warehouse Administration Console 11.1.1.6.4 \n * Oracle Communications BRM - Elastic Charging Engine 7.5 \n * Oracle Communications Converged Application Server - Service Controller 6.1 \n * Oracle Communications Convergent Charging Controller 6.0 \n * Oracle Communications Interactive Session Recorder 6.0 \n * Oracle Communications Interactive Session Recorder 6.1 \n * Oracle Communications Interactive Session Recorder 6.2 \n * Oracle Communications Messaging Server 3.0 \n * Oracle Communications Messaging Server 6.3 \n * Oracle Communications Messaging Server 7.0 \n * Oracle Communications Messaging Server 8.0 \n * Oracle Communications Messaging Server 8.0.1.1.0 \n * Oracle Communications Network Charging and Control 6.0 \n * Oracle Communications Network Intelligence 7.3.0 \n * Oracle Communications Online Mediation Controller 6.1 \n * Oracle Communications Pricing Design Center 11.1 \n * Oracle Communications Pricing Design Center 12.0 \n * Oracle Communications Service Broker 6.0 \n * Oracle Communications Services Gatekeeper 5.1 \n * Oracle Communications Services Gatekeeper 6.0 \n * Oracle Communications Unified Inventory Management 7.0 \n * Oracle Communications Unified Inventory Management 7.1 \n * Oracle Communications Unified Inventory Management 7.3 \n * Oracle Communications WebRTC Session Controller 7.0 \n * Oracle Communications WebRTC Session Controller 7.1 \n * Oracle Configuration Manager 12.1.2.0.2 \n * Oracle Configuration Manager 12.1.2.0.5 \n * Oracle Endeca Information Discovery Integrator 3.1 \n * Oracle Endeca Information Discovery Integrator 3.2 \n * Oracle Endeca Server 7.7 \n * Oracle Enterprise Linux 7 \n * Oracle Enterprise Manager Ops Center 12.2.2 \n * Oracle Enterprise Manager Ops Center 12.3.2 \n * Oracle Enterprise Repository 11.1.1.7.0 \n * Oracle Enterprise Repository 12.1.3.0.0 \n * Oracle FLEXCUBE Core Banking 11.5.0 \n * Oracle FLEXCUBE Core Banking 11.6.0 \n * Oracle FLEXCUBE Core Banking 11.7.0 \n * Oracle FLEXCUBE Investor Servicing 12.0.4 \n * Oracle FLEXCUBE Investor Servicing 12.1.0 \n * Oracle FLEXCUBE Investor Servicing 12.3.0 \n * Oracle FLEXCUBE Investor Servicing 12.4.0 \n * Oracle FLEXCUBE Investor Servicing 14.0.0 \n * Oracle FLEXCUBE Private Banking 12.0.0 \n * Oracle FLEXCUBE Private Banking 2.1.0 \n * Oracle GoldenGate Application Adapters 12.3.2.1.1 \n * Oracle Identity Analytics 11.1.1.5.8 \n * Oracle Identity Management Suite 11.1.2.3.0 \n * Oracle Identity Management Suite 12.2.1.3.0 \n * Oracle Insurance Calculation Engine 10.1.1 \n * Oracle Insurance Calculation Engine 10.2.1 \n * Oracle Insurance Rules Palette 10.0 \n * Oracle Insurance Rules Palette 10.1 \n * Oracle Insurance Rules Palette 10.2.0 \n * Oracle Insurance Rules Palette 11.0 \n * Oracle Insurance Rules Palette 11.1 \n * Oracle JD Edwards EnterpriseOne Tools 4.0.1.0 \n * Oracle JD Edwards EnterpriseOne Tools 9.2 \n * Oracle JD Edwards World Security A9.2 \n * Oracle JD Edwards World Security A9.3 \n * Oracle JD Edwards World Security A9.4 \n * Oracle JDeveloper 11.1.1.9.0 \n * Oracle JDeveloper 12.1.3.0.0 \n * Oracle JDeveloper 12.2.1.0.0 \n * Oracle MICROS Lucas 2.9.5 \n * Oracle MICROS Retail XBRi Loss Prevention 10.0.1 \n * Oracle MICROS Retail XBRi Loss Prevention 10.5.0 \n * Oracle MICROS Retail XBRi Loss Prevention 10.6.0 \n * Oracle MICROS Retail XBRi Loss Prevention 10.7.0 \n * Oracle MICROS Retail XBRi Loss Prevention 10.8.0 \n * Oracle MICROS Retail XBRi Loss Prevention 10.8.1 \n * Oracle Managed File Transfer 12.1.3.0.0 \n * Oracle Managed File Transfer 12.2.1.2.0 \n * Oracle Managed File Transfer 12.2.1.3.0 \n * Oracle PeopleSoft Enterprise FIN Supply Chain Portal Pack Argentina 9.1 \n * Oracle PeopleSoft Enterprise FIN Supply Chain Portal Pack Brazil 9.1 \n * Oracle Retail Advanced Inventory Planning 13.2 \n * Oracle Retail Advanced Inventory Planning 13.4 \n * Oracle Retail Advanced Inventory Planning 14.1 \n * Oracle Retail Advanced Inventory Planning 15.0 \n * Oracle Retail Assortment Planning 14.1.3 \n * Oracle Retail Assortment Planning 15.0.3 \n * Oracle Retail Assortment Planning 16.0.1 \n * Oracle Retail Back Office 14.0.4 \n * Oracle Retail Back Office 14.1.3 \n * Oracle Retail Central Office 14.0.4 \n * Oracle Retail Central Office 14.1.3 \n * Oracle Retail Convenience and Fuel POS 2.1.132 \n * Oracle Retail Customer Management and Segmentation Foundation 10.8.0 \n * Oracle Retail Customer Management and Segmentation Foundation 11.4.0 \n * Oracle Retail Customer Management and Segmentation Foundation 15.0.0 \n * Oracle Retail Customer Management and Segmentation Foundation 16.0.0 \n * Oracle Retail EFTLink 15.0.2 \n * Oracle Retail EFTLink 16.0.3 \n * Oracle Retail Extract Transform and Load 13.0 \n * Oracle Retail Extract Transform and Load 13.1 \n * Oracle Retail Extract Transform and Load 13.2 \n * Oracle Retail Fiscal Management 14.1 \n * Oracle Retail Insights 14.0 \n * Oracle Retail Insights 14.1 \n * Oracle Retail Insights 15.0 \n * Oracle Retail Insights 16.0 \n * Oracle Retail Invoice Matching 10.2 \n * Oracle Retail Invoice Matching 11.0 \n * Oracle Retail Invoice Matching 12.0 \n * Oracle Retail Invoice Matching 13.0 \n * Oracle Retail Invoice Matching 13.1 \n * Oracle Retail Invoice Matching 13.2 \n * Oracle Retail Invoice Matching 14.0 \n * Oracle Retail Invoice Matching 14.1 \n * Oracle Retail Invoice Matching 15.0 \n * Oracle Retail Invoice Matching 16.0 \n * Oracle Retail Open Commerce Platform 5.3 \n * Oracle Retail Open Commerce Platform 6.0 \n * Oracle Retail Open Commerce Platform 6.0.1 \n * Oracle Retail Order Broker 15.0 \n * Oracle Retail Order Broker 16.0 \n * Oracle Retail Order Broker 5.1 \n * Oracle Retail Order Broker 5.2 \n * Oracle Retail Order Management System 4.0 \n * Oracle Retail Order Management System 4.5 \n * Oracle Retail Order Management System 4.7 \n * Oracle Retail Order Management System 5.0 \n * Oracle Retail Point-of-Service 14.0.4 \n * Oracle Retail Point-of-Service 14.1.3 \n * Oracle Retail Price Management 12.0 \n * Oracle Retail Price Management 13.0 \n * Oracle Retail Price Management 13.1 \n * Oracle Retail Price Management 13.2 \n * Oracle Retail Price Management 14.0 \n * Oracle Retail Price Management 14.1 \n * Oracle Retail Price Management 15.0 \n * Oracle Retail Price Management 16.0 \n * Oracle Retail Returns Management 14.0.4 \n * Oracle Retail Returns Management 14.1.3 \n * Oracle Retail Returns Management 2.3.8 \n * Oracle Retail Returns Management 2.4.9 \n * Oracle Retail Store Inventory Management 12.0.12 \n * Oracle Retail Store Inventory Management 13.0.7 \n * Oracle Retail Store Inventory Management 13.1.9 \n * Oracle Retail Store Inventory Management 13.2.9 \n * Oracle Retail Store Inventory Management 14.0.4 \n * Oracle Retail Store Inventory Management 14.1.3 \n * Oracle Retail Store Inventory Management 15.0.2 \n * Oracle Retail Store Inventory Management 16.0.1 \n * Oracle Retail Workforce Management 1.60.7 \n * Oracle Retail Workforce Management 1.64.0 \n * Oracle Retail Xstore Point of Service 15.0.1 \n * Oracle Retail Xstore Point of Service 6.0.11 \n * Oracle Retail Xstore Point of Service 7.0.6 \n * Oracle Retail Xstore Point of Service 7.1.6 \n * Oracle SOA Suite 12.1.3.0.0 \n * Oracle SOA Suite 12.2.1.3.0 \n * Oracle Secure Global Desktop 5.3 \n * Oracle Siebel UI Framework 18.7 \n * Oracle Siebel UI Framework 18.8 \n * Oracle Siebel UI Framework 18.9 \n * Oracle Tape Library ACSLS 8.4 \n * Oracle Transportation Management 6.2.11 \n * Oracle Transportation Management 6.3.1 \n * Oracle Transportation Management 6.3.2 \n * Oracle Transportation Management 6.3.3 \n * Oracle Transportation Management 6.3.4 \n * Oracle Transportation Management 6.3.5 \n * Oracle Transportation Management 6.3.6 \n * Oracle Transportation Management 6.3.7 \n * Oracle Transportation Management 6.4.1 \n * Oracle Transportation Management 6.4.2 \n * Oracle Utilities Advanced Spatial and Operational Analytics 2.7.0.1 \n * Oracle Utilities Framework 2.2.0 \n * Oracle Utilities Framework 4.2.0 \n * Oracle Utilities Framework 4.3.0 \n * Oracle WebCenter Portal 12.2.1.2.0 \n * Oracle WebCenter Portal 12.2.1.3.0 \n * Oracle Weblogic Server 10.3.6.0 \n * Oracle Weblogic Server 12.1.3.0 \n * Oracle Weblogic Server 12.2.1.2 \n * Oracle Weblogic Server 12.2.1.3 \n * Redhat Enterprise Linux 7 Client \n * Redhat Enterprise Linux Client Optional 7 \n * Redhat Enterprise Linux ComputeNode 7 \n * Redhat Enterprise Linux ComputeNode Optional 7 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server 7 \n * Redhat Enterprise Linux Server EUS 6.7 \n * Redhat Enterprise Linux Server EUS 7.3 \n * Redhat Enterprise Linux Server Optional 7 \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation 7 \n * Redhat Enterprise Linux Workstation Optional 7 \n * Redhat JBoss Web Server 3.1 for RHEL 6 \n * Redhat JBoss Web Server 3.1 for RHEL 7 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, do not open files that originate from untrusted sources.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure database servers and other applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-04-17T00:00:00", "published": "2017-04-17T00:00:00", "id": "SMNTC-97702", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/97702", "type": "symantec", "title": "Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T11:59:52", "description": "Versions Affected: all versions from 2.0-alpha1 to 2.8.1\r\n\r\nDescription: \r\n\r\nWhen using the TCP socket server or UDP socket server to\r\nreceive serialized log events from another application, a specially crafted\r\nbinary payload can be sent that, when deserialized, can execute arbitrary\r\ncode.\r\n\r\nMitigation: \r\n\r\nJava 7+ users should migrate to version 2.8.2 or avoid using\r\nthe socket server classes. Java 6 users should avoid using the TCP or UDP\r\nsocket server classes, or they can manually backport the security fix from\r\n2.8.2: <https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.\r\ngit;h=5dcc192>\r\n\r\nCredit: This issue was discovered by Marcio Almeida de Macedo of Red Team\r\nat Telstra", "published": "2017-04-18T00:00:00", "type": "seebug", "title": "Apache Log4j socket receiver deserialization vulnerability (CVE-2017-5645)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-5645"], "modified": "2017-04-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92965", "id": "SSV:92965", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-11-26T13:52:15", "description": "The remote host contains a Spring Framework library version that is 5.0.x prior to 5.0.16 or 5.1.x prior to 5.1.13 or \n5.2.x prior to 5.2.3. It is, therefore, affected by a reflected file download vulnerability. An attacker can exploit\nthis tricking user to click on a URL for trusted domain. Upon clicking on the malicious link, the victim will be\npresented with a download which appears to have originated from a trusted domain. Once downloaded, the malicious\npayload can execute arbitrary code and potentially completely take-over a system.", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-22T00:00:00", "title": "Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability. (CVE-2020-5398)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5398"], "modified": "2020-01-22T00:00:00", "cpe": ["cpe:/a:pivotal_software:spring_framework"], "id": "SPRING_CVE-2020-5398.NASL", "href": "https://www.tenable.com/plugins/nessus/133148", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133148);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/25\");\n\n script_cve_id(\"CVE-2020-5398\");\n\n script_name(english:\"Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability. (CVE-2020-5398)\");\n script_summary(english:\"Checks version of Spring Framework.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web application framework library that is\naffected by a reflected file download vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a Spring Framework library version that is 5.0.x prior to 5.0.16 or 5.1.x prior to 5.1.13 or \n5.2.x prior to 5.2.3. It is, therefore, affected by a reflected file download vulnerability. An attacker can exploit\nthis tricking user to click on a URL for trusted domain. Upon clicking on the malicious link, the victim will be\npresented with a download which appears to have originated from a trusted domain. Once downloaded, the malicious\npayload can execute arbitrary code and potentially completely take-over a system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://pivotal.io/security/cve-2020-5398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Spring Framework version 5.0.16 or 5.1.13 or 5.2.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5398\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pivotal_software:spring_framework\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"spring_jar_detection.nbin\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::combined_get_app_info(app:'Spring Framework');\n\nconstraints = [\n { 'min_version':'5.0', 'fixed_version':'5.0.16' },\n { 'min_version':'5.1', 'fixed_version':'5.1.13' },\n { 'min_version':'5.2', 'fixed_version':'5.2.3' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T17:17:28", "description": "The version of Oracle Real User Experience Insight installed on the remote host is missing the April 2020 CPU. It is, \ntherefore, affected by a buffer overflow condition due to insufficient validation of user-supplied input. An \nunauthenticated, remote attacker can exploit this, by sending specially crafted ASN.1 data to an affected host, to \ncause a denial of service condition or the execution of arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version", "edition": 3, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-17T00:00:00", "title": "Oracle Real User Experience Insight (Apr 2020 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11058"], "modified": "2020-04-17T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager_grid_control"], "id": "ORACLE_RUEI_CPU_APR_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/135705", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135705);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/23\");\n\n script_cve_id(\"CVE-2018-11058\");\n script_bugtraq_id(108106);\n script_xref(name:\"IAVA\", value:\"2020-A-0150\");\n\n script_name(english:\"Oracle Real User Experience Insight (Apr 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a buffer overflow vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Real User Experience Insight installed on the remote host is missing the April 2020 CPU. It is, \ntherefore, affected by a buffer overflow condition due to insufficient validation of user-supplied input. An \nunauthenticated, remote attacker can exploit this, by sending specially crafted ASN.1 data to an affected host, to \ncause a denial of service condition or the execution of arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\");\n # https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEM\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffb7f13c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version as referenced in the April \n 2020 CPU\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11058\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager_grid_control\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_ruei_detect.nbin\");\n script_require_keys(\"installed_sw/Oracle Real User Experience Insight\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nport = get_http_port(default:443);\napp_info = vcf::get_app_info(app:'Oracle Real User Experience Insight', port:port, webapp:TRUE);\n\nconstraints = [\n { 'min_version' : '13.1.2', 'fixed_version' : '13.1.2.1' },\n { 'min_version' : '13.2.3', 'fixed_version' : '13.2.3.1', 'fixed_display' : '13.2.3.1 / 13.3.1.0' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-16T12:34:43", "description": "The version of Oracle Access Manager installed on the remote host is affected by the following vulnerability as noted \nin the October 2020 CPU advisory :\n \n - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server \n Plugin (RSA BSafe)). The supported version that is affected is 11.1.2.3.0. Easily exploitable \n vulnerability allows unauthenticated attacker with network access via HTTPS to compromise \n Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle \n Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).\n \nNote that Nessus has not attempted to exploit this issue but has instead relied only on the application's\nself-reported version number.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-11T00:00:00", "title": "Oracle Access Manager (Oct 2020 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11058"], "modified": "2020-12-11T00:00:00", "cpe": ["cpe:/a:oracle:access_manager", "cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_ACCESS_MANAGER_CPU_OCT_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/144089", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144089);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/14\");\n\n script_cve_id(\"CVE-2018-11058\");\n\n script_name(english:\"Oracle Access Manager (Oct 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a Single Sign On (SSO) application installed that is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Access Manager installed on the remote host is affected by the following vulnerability as noted \nin the October 2020 CPU advisory :\n \n - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server \n Plugin (RSA BSafe)). The supported version that is affected is 11.1.2.3.0. Easily exploitable \n vulnerability allows unauthenticated attacker with network access via HTTPS to compromise \n Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle \n Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).\n \nNote that Nessus has not attempted to exploit this issue but has instead relied only on the application's\nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patches according to the October 2020 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11058\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:access_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_access_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Access Manager\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'Oracle Access Manager');\n\nconstraints = [{'min_version': '11.1.2.3', 'fixed_version': '11.1.2.3.200804'}];\n\nvcf::check_version_and_report(\n app_info: app_info,\n constraints: constraints,\n severity: SECURITY_HOLE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:43", "description": "Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-05T00:00:00", "title": "Fedora 24 : log4j (2017-2ccfbd650a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2017-05-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:log4j", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-2CCFBD650A.NASL", "href": "https://www.tenable.com/plugins/nessus/99988", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2ccfbd650a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99988);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5645\");\n script_xref(name:\"FEDORA\", value:\"2017-2ccfbd650a\");\n\n script_name(english:\"Fedora 24 : log4j (2017-2ccfbd650a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2ccfbd650a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected log4j package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"log4j-2.5-3.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-05T09:25:33", "description": "According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote\nhost 12.3.2.1.x less than 12.3.2.1.2. It is, therefore, affected by a remote code execution vulnerability due to\ninsecure deserialization of log events received by the Apache Log4j subcomponent's TCP or UDP socket server. An\nunauthenticated, remote attacker can exploit this to execute arbitrary code by sending a specially crafted, serialized\nbinary payload.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-28T00:00:00", "title": "Oracle GoldenGate for Big Data 12.3.2.1.x < 12.3.2.1.2 Apache Log4j Insecure Deserialization RCE (Jan 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2020-01-28T00:00:00", "cpe": ["cpe:/a:oracle:goldengate_application_adapters"], "id": "ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_JAN_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/133268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133268);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/04\");\n\n script_cve_id(\"CVE-2017-5645\");\n script_bugtraq_id(97702);\n\n script_name(english:\"Oracle GoldenGate for Big Data 12.3.2.1.x < 12.3.2.1.2 Apache Log4j Insecure Deserialization RCE (Jan 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Oracle GoldenGate for Big Data application on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote\nhost 12.3.2.1.x less than 12.3.2.1.2. It is, therefore, affected by a remote code execution vulnerability due to\ninsecure deserialization of log events received by the Apache Log4j subcomponent's TCP or UDP socket server. An\nunauthenticated, remote attacker can exploit this to execute arbitrary code by sending a specially crafted, serialized\nbinary payload.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?14755ac7\");\n # https://docs.oracle.com/en/middleware/goldengate/big-data/12.3.2.1/gbdrn/corrected-problems.html#GUID-4286C791-466E-42A2-92A6-2DF777A4A18E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7481d30\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle GoldenGate for Big Data version 12.3.2.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5645\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/28\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:goldengate_application_adapters\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_goldengate_for_big_data_installed.nbin\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/Oracle GoldenGate for Big Data\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_name = 'Oracle GoldenGate for Big Data';\napp_info = vcf::get_app_info(app:app_name);\n\n// January CPU says 12.3.2.1.1 is the affected version. There's conflicting information, but as this is a paranoid only\n// check we'll flag for 12.3.2.1.x < 12.3.2.1.2.\nconstraints = [\n { 'min_version':'12.3.2.1', 'fixed_version':'12.3.2.1.2' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:13:00", "description": "Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : log4j12 (2017-b8358cda24)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:log4j12", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-B8358CDA24.NASL", "href": "https://www.tenable.com/plugins/nessus/101708", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b8358cda24.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101708);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5645\");\n script_xref(name:\"FEDORA\", value:\"2017-b8358cda24\");\n\n script_name(english:\"Fedora 26 : log4j12 (2017-b8358cda24)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8358cda24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected log4j12 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:log4j12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"log4j12-1.2.17-19.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j12\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:10:54", "description": "Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-05-03T00:00:00", "title": "Fedora 25 : log4j (2017-511ebfa8a3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2017-05-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:log4j"], "id": "FEDORA_2017-511EBFA8A3.NASL", "href": "https://www.tenable.com/plugins/nessus/99955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-511ebfa8a3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99955);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5645\");\n script_xref(name:\"FEDORA\", value:\"2017-511ebfa8a3\");\n\n script_name(english:\"Fedora 25 : log4j (2017-511ebfa8a3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-511ebfa8a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected log4j package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"log4j-2.5-5.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:52:34", "description": "According to the version of the log4j package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that when using remote logging with log4j\n socket server the log4j server would deserialize any\n log event received via TCP or UDP. An attacker could\n use this flaw to send a specially crafted log event\n that, during deserialization, would execute arbitrary\n code in the context of the logger application.\n (CVE-2017-5645)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-11T00:00:00", "title": "EulerOS 2.0 SP2 : log4j (EulerOS-SA-2017-1214)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2017-09-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:log4j", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1214.NASL", "href": "https://www.tenable.com/plugins/nessus/103072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103072);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5645\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : log4j (EulerOS-SA-2017-1214)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the log4j package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that when using remote logging with log4j\n socket server the log4j server would deserialize any\n log event received via TCP or UDP. An attacker could\n use this flaw to send a specially crafted log event\n that, during deserialization, would execute arbitrary\n code in the context of the logger application.\n (CVE-2017-5645)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1214\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8fd10d04\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"log4j-1.2.17-16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:14", "description": "Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : log4j (2017-11edc0d6c3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:log4j", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-11EDC0D6C3.NASL", "href": "https://www.tenable.com/plugins/nessus/101576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-11edc0d6c3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101576);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-5645\");\n script_xref(name:\"FEDORA\", value:\"2017-11edc0d6c3\");\n\n script_name(english:\"Fedora 26 : log4j (2017-11edc0d6c3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-11edc0d6c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected log4j package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"log4j-2.7-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:44", "description": "Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-13T00:00:00", "title": "Fedora 25 : log4j12 (2017-8348115acd)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "modified": "2017-06-13T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:log4j12"], "id": "FEDORA_2017-8348115ACD.NASL", "href": "https://www.tenable.com/plugins/nessus/100746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-8348115acd.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100746);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5645\");\n script_xref(name:\"FEDORA\", value:\"2017-8348115acd\");\n\n script_name(english:\"Fedora 25 : log4j12 (2017-8348115acd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-5645\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8348115acd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected log4j12 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:log4j12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"log4j12-1.2.17-19.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"log4j12\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ptsecurity": [{"lastseen": "2020-09-14T20:34:35", "bulletinFamily": "info", "cvelist": ["CVE-2020-14622"], "description": "# PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD\n\n\u0421isco ASA and Cisco FTD\n\n**Severity:**\n\nSeverity level: High \nImpact: Path Traversal vulnerability in Cisco ASA and Cisco FTD \nAccess Vector: Remote Base 7.5 CVE: CVE-2020-14622\n\n**Vulnerability description:**\n\nA vulnerability in Cisco ASA and Cisco FTD allows attackers to read some WebVPN-related files, which may contain sensitive information like WebVPN configuration data of Cisco ASA users, bookmarks, cookies, web content, and HTTP URLs.\n\n**Advisory status:**\n\nFebruary 13, 2020 - Vendor notification date \nJuly 22, 2020 - Security advisory publication date (<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86>) \n\n**Credits:**\n\nThe vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies\n", "edition": 1, "modified": "1970-01-01T00:00:00", "published": "2020-07-22T00:00:00", "id": "PT-2020-09", "href": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-09/", "title": "PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD", "type": "ptsecurity", "cvss": {}}, {"lastseen": "2020-09-14T20:34:25", "bulletinFamily": "info", "cvelist": ["CVE-2020-14622"], "description": "# PT-2020-07: Arbitrary file reading in Oracle WebLogic Server\n\nOracle WebLogic Server\n\n**Severity:**\n\nSeverity level: Medium \nImpact: Arbitrary file reading in Oracle WebLogic Server \nAccess Vector: Remote\n\nCVSS v3.1: Base 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\n\nCVE: CVE-2020-14622\n\n**Vulnerability description:**\n\nA vulnerability in Oracle WebLogic Server allows remote attackers to read local files in the context of the web server using a service URL and a specially crafted request. To exploit the vulnerability an adversary should have an administrative account. Access to the administrative panel is not required. The vulnerability can be exploited via 80 (HTTP) and 443 (HTTPS) ports providing access to resources from the Internet.\n\n**Advisory status:**\n\nApril 1, 2020 - Vendor notification date \nJuly 22, 2020 - Security advisory publication date (<https://www.oracle.com/security-alerts/cpujul2020.html>) \n\n**Credits:**\n\nThe vulnerability was discovered by Arseny Sharoglazov, Positive Technologies\n", "edition": 1, "modified": "1970-01-01T00:00:00", "published": "2020-07-22T00:00:00", "id": "PT-2020-07", "href": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-07/", "title": "PT-2020-07: Arbitrary file reading in Oracle WebLogic Server", "type": "ptsecurity", "cvss": {}}], "github": [{"lastseen": "2020-04-24T16:54:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-9546"], "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", "edition": 1, "modified": "2020-04-23T21:08:40", "published": "2020-04-23T21:08:40", "id": "GHSA-5P34-5M6P-P58G", "href": "https://github.com/advisories/GHSA-5p34-5m6p-p58g", "title": "jackson-databind mishandles the interaction between serialization gadgets and typing", "type": "github", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-01T20:46:23", "bulletinFamily": "software", "cvelist": ["CVE-2017-5645"], "description": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.", "edition": 4, "modified": "2020-07-01T17:41:02", "published": "2020-01-06T18:43:38", "id": "GHSA-FXPH-Q3J8-MV87", "href": "https://github.com/advisories/GHSA-fxph-q3j8-mv87", "title": "Deserialization of Untrusted Data in Log4j", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-23T00:48:11", "bulletinFamily": "software", "cvelist": ["CVE-2020-5398"], "description": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input.", "edition": 7, "modified": "2021-01-22T20:51:39", "published": "2020-01-21T20:59:09", "id": "GHSA-8WX2-9Q48-VM9R", "href": "https://github.com/advisories/GHSA-8wx2-9q48-vm9r", "title": "RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application", "type": "github", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-07-20T19:27:06", "bulletinFamily": "info", "cvelist": ["CVE-2020-14625"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the aspectjweaver library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account.", "edition": 1, "modified": "2020-07-20T00:00:00", "published": "2020-07-20T00:00:00", "id": "ZDI-20-885", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-885/", "title": "Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)", "modified": "2018-06-13T01:28:16", "published": "2017-06-08T11:23:59", "id": "RHSA-2017:1417", "href": "https://access.redhat.com/errata/RHSA-2017:1417", "type": "redhat", "title": "(RHSA-2017:1417) Important: rh-java-common-log4j security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-24T07:23:27", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2019-17571"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)", "modified": "2019-12-24T10:26:42", "published": "2017-08-07T11:26:13", "id": "RHSA-2017:2423", "href": "https://access.redhat.com/errata/RHSA-2017:2423", "type": "redhat", "title": "(RHSA-2017:2423) Important: log4j security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-26T05:29:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2019-17571"], "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)", "modified": "2019-12-26T09:27:33", "published": "2017-12-07T22:04:23", "id": "RHSA-2017:3399", "href": "https://access.redhat.com/errata/RHSA-2017:3399", "type": "redhat", "title": "(RHSA-2017:3399) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-26T05:27:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2019-17571"], "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)", "modified": "2019-12-26T09:40:15", "published": "2017-12-07T22:04:46", "id": "RHSA-2017:3400", "href": "https://access.redhat.com/errata/RHSA-2017:3400", "type": "redhat", "title": "(RHSA-2017:3400) Important: Red Hat JBoss Enterprise Application Platform 5.2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-26T05:28:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2017-7957", "CVE-2019-17571"], "description": "Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.\n\nThis release of Red Hat JBoss BRMS 6.4.6 serves as a replacement for Red Hat JBoss BRMS 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)", "modified": "2019-12-26T09:38:51", "published": "2017-10-13T01:58:30", "id": "RHSA-2017:2888", "href": "https://access.redhat.com/errata/RHSA-2017:2888", "type": "redhat", "title": "(RHSA-2017:2888) Important: Red Hat JBoss BRMS 6.4.6 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-26T05:29:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2017-7957", "CVE-2019-17571"], "description": "Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.\n\nThis release of Red Hat JBoss BPM Suite 6.4.6 serves as a replacement for Red Hat JBoss BPM Suite 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)", "modified": "2019-12-26T09:37:26", "published": "2017-10-13T01:58:49", "id": "RHSA-2017:2889", "href": "https://access.redhat.com/errata/RHSA-2017:2889", "type": "redhat", "title": "(RHSA-2017:2889) Important: Red Hat JBoss BPM Suite 6.4.6 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2017-5664", "CVE-2017-7525"], "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.", "modified": "2018-06-07T02:39:09", "published": "2017-09-05T18:32:26", "id": "RHSA-2017:2635", "href": "https://access.redhat.com/errata/RHSA-2017:2635", "type": "redhat", "title": "(RHSA-2017:2635) Important: Red Hat JBoss Enterprise Application Platform 6.4.17 update on RHEL 6", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:58", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2017-5664", "CVE-2017-7525"], "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.", "modified": "2017-09-05T18:47:00", "published": "2017-09-05T18:33:23", "id": "RHSA-2017:2637", "href": "https://access.redhat.com/errata/RHSA-2017:2637", "type": "redhat", "title": "(RHSA-2017:2637) Important: Red Hat JBoss Enterprise Application Platform 6.4.17 update on RHEL 5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2017-5664", "CVE-2017-7525"], "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.", "modified": "2018-03-19T16:13:49", "published": "2017-09-05T18:32:51", "id": "RHSA-2017:2636", "href": "https://access.redhat.com/errata/RHSA-2017:2636", "type": "redhat", "title": "(RHSA-2017:2636) Important: Red Hat JBoss Enterprise Application Platform 6.4.17 update on RHEL 7", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-26T05:28:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645", "CVE-2017-5664", "CVE-2017-7525", "CVE-2019-17571"], "description": "The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.17.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.", "modified": "2019-12-26T09:30:01", "published": "2017-09-05T19:21:39", "id": "RHSA-2017:2638", "href": "https://access.redhat.com/errata/RHSA-2017:2638", "type": "redhat", "title": "(RHSA-2017:2638) Important: jboss-ec2-eap security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "myhack58": [{"lastseen": "2017-04-18T09:23:35", "bulletinFamily": "info", "cvelist": ["CVE-2017-5645"], "edition": 1, "description": "! [](/Article/UploadPic/2017-4/2017418153947513. png? www. myhack58. com) \nOpen source stuff with more people, natural vulnerability. Apache for logging component Log4j to use the very flexible, in quite a lot of open source projects are using this exploit affects all Apache Log4j 2.* Series version: Apache Log4j 2.0-alpha1 \u2013 Apache Log4j 2.8.1 using Java 7+users should immediately upgrade to 2. 8. 2 Version. Nsfocus released a security threat announcement, the announcement of full text is as follows. \nApache Log4j is what \nLog4j is the Apache an open source project, through the use of Log4j, we can control the log information delivery destination is the console, file, GUI components, even socket servers, NT Event logger, UNIX Syslog daemon, etc.; we can also control each section of the log output format; by defining each of the log information level, we can more carefully control the log generation process. The most interesting is that these can be through a configuration file to flexibly configure, without the need to modify the application code. \nNsfocus the Apache Log4j deserialization vulnerability to security threats notice \nThe notice reads as follows \nBeijing Time 18 days morning, Apache Log4j was traced to the presence of a deserialization Vulnerability(CVE-2017-5645)\u3002 An attacker can send a specially produced 2-ary payload, in the Assembly of bytes to deserialize the object, the trigger and perform the configuration of the payload code. The vulnerability is mainly due to the processing ObjectInputStream, the receiver for the unreliable source of the input is not filtered. Can By to TcpSocketServer and UdpSocketServer add a configurable filtering function as well as some related settings, can effectively solve the vulnerability. Currently the Log4j official has released the new version fixes the vulnerability. \nThe relevant address: \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=%09CVE-2017-5645 \nhttps://issues.apache.org/jira/browse/LOG4J2-1863 \nhttp://seclists.org/oss-sec/2017/q2/78 \nThe scope of the impact \nThe affected version \nAll the Apache Log4j 2.* Series version: Apache Log4j 2.0-alpha1 \u2013 Apache Log4j 2.8.1 \nNot affected versions: Apache Log4j 2.8.2 \nTo circumvent the scheme \nUsing Java 7+users should immediately upgrade to 2. 8. 2 version or avoid using the socket server of the relevant class. Reference link: \nhttps://issues.apache.org/jira/browse/LOG4J2/fixforversion/12339750/?selectedTab=com.atlassian.jira.jira-projects-plugin:version-summary-panel \nUse Java 6 users should avoid the use of TCP or UDP socket server related classes, the user can also manually add 2. 8. 2 updated version of the relevant code to fix the vulnerability. \nReference links \nhttps://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc192 \n\n", "modified": "2017-04-18T00:00:00", "published": "2017-04-18T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/85372.htm", "id": "MYHACK58:62201785372", "type": "myhack58", "title": "Apache logging component Log4j deserialization vulnerability affects all 2. x version-bug warning-the black bar safety net", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-04-19T03:23:12", "bulletinFamily": "info", "cvelist": ["CVE-2017-5645"], "edition": 1, "description": "! [](/Article/UploadPic/2017-4/2017419102637370. png)\n\nOpen source stuff with more people, natural vulnerability. Apache for logging component Log4j to use the very flexible, in quite a lot of open source projects are using this exploit affects all Apache Log4j 2.* Series version: Apache Log4j 2.0-alpha1 \u2013 Apache Log4j 2.8.1 using Java 7+users should immediately upgrade to 2. 8. 2 Version. Nsfocus released a security threat announcement, the announcement of full text is as follows.\n\nApache Log4j is what\n\nLog4j is the Apache an open source project, through the use of Log4j, we can control the log information delivery destination is the console, file, GUI components, even socket servers, NT Event logger, UNIX Syslog daemon, etc.; we can also control each section of the log output format; by defining each of the log information level, we can more carefully control the log generation process. The most interesting is that these can be through a configuration file to flexibly configure, without the need to modify the application code.\n\nNsfocus the Apache Log4j deserialization vulnerability to security threats notice\n\nThe notice reads as follows\n\nBeijing Time 18 days morning, Apache Log4j was traced to the presence of a deserialization Vulnerability(CVE-2017-5645)\u3002 An attacker can send a specially produced 2-ary payload, in the Assembly of bytes to deserialize the object, the trigger and perform the configuration of the payload code. The vulnerability is mainly due to the processing ObjectInputStream, the receiver for the unreliable source of the input is not filtered. Can By to TcpSocketServer and UdpSocketServer add a configurable filtering function as well as some related settings, can effectively solve the vulnerability. Currently the Log4j official has released the new version fixes the vulnerability.\n\nThe relevant address:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=%09CVE-2017-5645>\n\n<https://issues.apache.org/jira/browse/LOG4J2-1863>\n\n<http://seclists.org/oss-sec/2017/q2/78>\n\nThe scope of the impact\n\nThe affected version\n\nAll the Apache Log4j 2.* Series version: Apache Log4j 2.0-alpha1 \u2013 Apache Log4j 2.8.1\n\nNot affected versions: Apache Log4j 2.8.2\n\nTo circumvent the scheme\n\nUsing Java 7+users should immediately upgrade to 2. 8. 2 version or avoid using the socket server of the relevant class. Reference link:\n\n<https://issues.apache.org/jira/browse/LOG4J2/fixforversion/12339750/?selectedTab=com.atlassian.jira.jira-projects-plugin:version-summary-panel>\n\nUse Java 6 users should avoid the use of TCP or UDP socket server related classes, the user can also manually add 2. 8. 2 updated version of the relevant code to fix the vulnerability.\n", "modified": "2017-04-19T00:00:00", "published": "2017-04-19T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/85395.htm", "id": "MYHACK58:62201785395", "type": "myhack58", "title": "Apache logging component Log4j deserialization vulnerability affects all 2. x version-bug warning-the black bar safety net", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "modified": "2017-05-02T15:59:49", "published": "2017-05-02T15:59:49", "id": "FEDORA:341EA6057129", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: log4j-2.7-4.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "modified": "2017-05-04T18:26:42", "published": "2017-05-04T18:26:42", "id": "FEDORA:A99066078F69", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: log4j-2.5-3.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "modified": "2017-06-09T20:22:55", "published": "2017-06-09T20:22:55", "id": "FEDORA:0AC1C60C76B5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: log4j12-1.2.17-19.fc26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "modified": "2017-06-12T19:29:11", "published": "2017-06-12T19:29:11", "id": "FEDORA:76CFD605E21F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: log4j12-1.2.17-19.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "modified": "2017-06-12T21:42:07", "published": "2017-06-12T21:42:07", "id": "FEDORA:EFDAB6050C3B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: log4j12-1.2.17-19.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "Log4j is a tool to help the programmer output log statements to a variety of output targets. ", "modified": "2017-05-02T23:17:24", "published": "2017-05-02T23:17:24", "id": "FEDORA:376506075014", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: log4j-2.5-5.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:07:27", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5645"], "description": "[0:1.2.17-16]\n- Fix socket receiver deserialization vulnerability\n- Resolves: CVE-2017-5645", "edition": 5, "modified": "2017-08-09T00:00:00", "published": "2017-08-09T00:00:00", "id": "ELSA-2017-2423", "href": "http://linux.oracle.com/errata/ELSA-2017-2423.html", "title": "log4j security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "This host is installed with Oracle BI Publisher\n and is prone to a code execution vulnerability.", "modified": "2019-05-17T00:00:00", "published": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310814409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814409", "type": "openvas", "title": "Oracle BI Publisher Code Execution Vulnerability (oct2018-4428296)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle BI Publisher Code Execution Vulnerability (oct2018-4428296)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:business_intelligence_publisher\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814409\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-18 16:42:53 +0530 (Thu, 18 Oct 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle BI Publisher Code Execution Vulnerability (oct2018-4428296)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle BI Publisher\n and is prone to a code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Check if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exist due to an unspecified\n error in BI Publisher Security (Apache Log4j) component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Oracle BI Publisher versions 11.1.1.7.0,\n 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0\");\n\n script_tag(name:\"solution\", value:\"Apply the latest patch from vendor. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_oracle_bi_publisher_detect.nasl\");\n script_mandatory_keys(\"Oracle/BI/Publisher/Enterprise/installed\");\n script_require_ports(\"Services/www\", 9704);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!obpPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:obpPort, exit_no_version:TRUE)) exit(0);\nobpVer = infos['version'];\npath = infos['location'];\n\naffected = make_list('11.1.1.7.0', '11.1.1.9.0', '12.2.1.3.0', '12.2.1.4.0');\nforeach version (affected)\n{\n if(obpVer == version)\n {\n report = report_fixed_ver(installed_version:obpVer, fixed_version: \"Apply the patch\", install_path:path);\n security_message(port:obpPort, data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-08-08T00:00:00", "id": "OPENVAS:1361412562310871877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871877", "type": "openvas", "title": "RedHat Update for log4j RHSA-2017:2423-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2423-01_log4j.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for log4j RHSA-2017:2423-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871877\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-08 07:19:05 +0200 (Tue, 08 Aug 2017)\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for log4j RHSA-2017:2423-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'log4j'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Log4j is a tool to help the programmer\noutput log statements to a variety of output targets.\n\nSecurity Fix(es):\n\n * It was found that when using remote logging with log4j socket server the\nlog4j server would deserialize any log event received via TCP or UDP. An\nattacker could use this flaw to send a specially crafted log event that,\nduring deserialization, would execute arbitrary code in the context of the\nlogger application. (CVE-2017-5645)\");\n script_tag(name:\"affected\", value:\"log4j on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2423-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00038.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"log4j\", rpm:\"log4j~1.2.17~16.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171214", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171214", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2017-1214)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1214\");\n script_version(\"2020-01-23T10:59:33+0000\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:59:33 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:59:33 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2017-1214)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1214\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1214\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'log4j' package(s) announced via the EulerOS-SA-2017-1214 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\");\n\n script_tag(name:\"affected\", value:\"'log4j' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"log4j\", rpm:\"log4j~1.2.17~16\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-03T00:00:00", "id": "OPENVAS:1361412562310872637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872637", "type": "openvas", "title": "Fedora Update for log4j FEDORA-2017-511ebfa8a3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for log4j FEDORA-2017-511ebfa8a3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872637\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-03 06:54:47 +0200 (Wed, 03 May 2017)\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for log4j FEDORA-2017-511ebfa8a3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'log4j'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"log4j on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-511ebfa8a3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCDBVCAWSKLWXHIQ2MBCM2JX4RKA2NWK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"log4j\", rpm:\"log4j~2.5~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171213", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2017-1213)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1213\");\n script_version(\"2020-01-23T10:59:31+0000\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:59:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:59:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2017-1213)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1213\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1213\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'log4j' package(s) announced via the EulerOS-SA-2017-1213 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\");\n\n script_tag(name:\"affected\", value:\"'log4j' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"log4j\", rpm:\"log4j~1.2.17~16\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-05-05T00:00:00", "id": "OPENVAS:1361412562310872638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872638", "type": "openvas", "title": "Fedora Update for log4j FEDORA-2017-2ccfbd650a", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for log4j FEDORA-2017-2ccfbd650a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872638\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-05 07:02:49 +0200 (Fri, 05 May 2017)\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for log4j FEDORA-2017-2ccfbd650a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'log4j'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"log4j on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2ccfbd650a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6GRJUJEODY3SNNFMDQJMKCO64EW4WZAW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"log4j\", rpm:\"log4j~2.5~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-13T00:00:00", "id": "OPENVAS:1361412562310872759", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872759", "type": "openvas", "title": "Fedora Update for log4j12 FEDORA-2017-8348115acd", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for log4j12 FEDORA-2017-8348115acd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872759\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-13 13:16:33 +0200 (Tue, 13 Jun 2017)\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for log4j12 FEDORA-2017-8348115acd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'log4j12'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"log4j12 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-8348115acd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RS6LAXEJOL4LHVMUZYRNYICQN24X7PG6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"log4j12\", rpm:\"log4j12~1.2.17~19.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5645"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-06-13T00:00:00", "id": "OPENVAS:1361412562310872757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872757", "type": "openvas", "title": "Fedora Update for log4j12 FEDORA-2017-7e0ff7f73a", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for log4j12 FEDORA-2017-7e0ff7f73a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872757\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-13 13:16:28 +0200 (Tue, 13 Jun 2017)\");\n script_cve_id(\"CVE-2017-5645\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for log4j12 FEDORA-2017-7e0ff7f73a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'log4j12'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"log4j12 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7e0ff7f73a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJPT4UHOVQSPUC47NUDTP3HBLP5SRHZQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"log4j12\", rpm:\"log4j12~1.2.17~19.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-09T16:55:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9548", "CVE-2020-9546", "CVE-2020-9547"], "description": "The remote host is missing an update for the ", "modified": "2020-03-06T00:00:00", "published": "2020-03-06T00:00:00", "id": "OPENVAS:1361412562310892135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892135", "type": "openvas", "title": "Debian LTS: Security Advisory for jackson-databind (DLA-2135-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892135\");\n script_version(\"2020-03-06T04:00:09+0000\");\n script_cve_id(\"CVE-2020-9546\", \"CVE-2020-9547\", \"CVE-2020-9548\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-06 04:00:09 +0000 (Fri, 06 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-06 04:00:09 +0000 (Fri, 06 Mar 2020)\");\n script_name(\"Debian LTS: Security Advisory for jackson-databind (DLA-2135-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2135-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'jackson-databind'\n package(s) announced via the DLA-2135-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following CVEs were reported for jackson-databind source package.\n\nCVE-2020-9546\n\nFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the\ninteraction between serialization gadgets and typing, related\nto org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig\n(aka shaded hikari-config).\n\nCVE-2020-9547\n\nFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the\ninteraction between serialization gadgets and typing, related\nto com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig\n(aka ibatis-sqlmap).\n\nCVE-2020-9548\n\nFasterXML jackson-databind 2.x before 2.9.10.4 mishandles the\ninteraction between serialization gadgets and typing, related\nto br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\");\n\n script_tag(name:\"affected\", value:\"'jackson-databind' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.4.2-2+deb8u12.\n\nWe recommend that you upgrade your jackson-databind packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libjackson2-databind-java\", ver:\"2.4.2-2+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjackson2-databind-java-doc\", ver:\"2.4.2-2+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-24T10:24:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17571", "CVE-2017-5645"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2423\n\n\nLog4j is a tool to help the programmer output log statements to a variety of output targets.\n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-August/004687.html\n\n**Affected packages:**\nlog4j\nlog4j-javadoc\nlog4j-manual\n\n**Upstream details at:**\n", "edition": 4, "modified": "2017-08-31T18:57:53", "published": "2017-08-31T18:57:53", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004687.html", "id": "CESA-2017:2423", "title": "log4j security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:06:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9548", "CVE-2020-9546", "CVE-2020-9547"], "description": "Package : jackson-databind\nVersion : 2.4.2-2+deb8u12\nCVE ID : CVE-2020-9546 CVE-2020-9547 CVE-2020-9548\n\n\nThe following CVEs were reported for jackson-databind source package.\n\nCVE-2020-9546\n\n FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the\n interaction between serialization gadgets and typing, related\n to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig\n (aka shaded hikari-config).\n\nCVE-2020-9547\n\n FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the\n interaction between serialization gadgets and typing, related\n to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig\n (aka ibatis-sqlmap).\n\nCVE-2020-9548\n\n FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the\n interaction between serialization gadgets and typing, related\n to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.4.2-2+deb8u12.\n\nWe recommend that you upgrade your jackson-databind packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh\n", "edition": 8, "modified": "2020-03-05T22:56:01", "published": "2020-03-05T22:56:01", "id": "DEBIAN:DLA-2135-1:92903", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00008.html", "title": "[SECURITY] [DLA 2135-1] jackson-databind security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2020-12-16T09:30:08", "bulletinFamily": "info", "cvelist": ["CVE-2017-5645", "CVE-2019-17571", "CVE-2020-9488"], "description": "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.\n\n \n**Recent assessments:** \n \n**space-r7** at October 05, 2020 10:35pm UTC reported:\n\nThis vulnerability is essentially a duplicate of CVE-2017-5645, which was discovered in various versions of Log4j 2. I am unsure why the Log4j 1.x versions were addressed later, especially since Log4j 1.x was considered EoL in 2015.\n\nIncluding any of the vulnerable versions of the Log4j library and enabling it in the application of choice opens up a pretty nasty vulnerability in said application. The CVE listing mentions that the vulnerability exists within the `SocketServer` class. Within its `main()` method, a `SocketNode` object is created once a client connection is accepted.\n \n \n public static void main(String argv[])\n {\n ...\n while(true) {\n \tcat.info(\"Waiting to accept a new client.\");\n \tSocket socket = serverSocket.accept();\n \tInetAddress inetAddress = socket.getInetAddress();\n \tcat.info(\"Connected to client at \" + inetAddress);\n \n \tLoggerRepository h = (LoggerRepository) server.hierarchyMap.get(inetAddress);\n \tif(h == null) {\n \t h = server.configureHierarchy(inetAddress);\n \t}\n \n \tcat.info(\"Starting new socket node.\");\n \tnew Thread(new SocketNode(socket, h)).start();\n ...\n }\n \n\nThe `SocketNode` constructor creates a new `ObjectInputStream` object named `ois` from data on the socket:\n \n \n public SocketNode(Socket socket, LoggerRepository hierarchy)\n {\n this.socket = socket;\n this.hierarchy = hierarchy;\n try {\n ois = new ObjectInputStream(new BufferedInputStream(socket.getInputStream()));\n ...\n }\n \n\nAnd in the `SocketNode`\u2019s `run()` method, `readObject()` is called on the data previously read from the socket:\n \n \n public void run()\n {\n LoggingEvent event;\n Logger remoteLogger;\n \n try {\n if (ois != null) {\n while(true) {\n \t // read an event from the wire\n \t event = (LoggingEvent) ois.readObject();\n \t // get a logger from the hierarchy. The name of the logger is taken to be the name contained in the event.\n \t remoteLogger = hierarchy.getLogger(event.getLoggerName());\n ...\n }\n \n\nThis vulnerability could give an attacker unauthenticated RCE easily _if and only if_ the Log4j library is enabled and listening for remote connections. I\u2019m rating this vulnerability a little lower in utility / attacker value because of that. This is quite an old vulnerability despite the CVE date, but as always, make sure you\u2019re patched.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3\n", "modified": "2020-09-16T00:00:00", "published": "2019-12-20T00:00:00", "id": "AKB:FB2F65B2-D10B-4622-AEE6-41AAD3C1E6E7", "href": "https://attackerkb.com/topics/AtbsphK6g8/cve-2019-17571", "type": "attackerkb", "title": "CVE-2019-17571", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
