Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements.
Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es) :
openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
openssl: certificate message OOB reads (CVE-2016-6306)
openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
openssl: Read/write after SSL object in error state (CVE-2017-3737)
openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:2185. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(111146);
script_version("1.6");
script_cvs_date("Date: 2019/10/24 15:35:45");
script_cve_id("CVE-2016-2182", "CVE-2016-4975", "CVE-2016-6302", "CVE-2016-6306", "CVE-2016-7055", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738");
script_xref(name:"RHSA", value:"2018:2185");
script_name(english:"RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 (RHSA-2018:2185)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
This release adds the new Apache HTTP Server 2.4.29 packages that are
part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements.
Refer to the Release Notes for information on the most significant bug
fixes, enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es) :
* openssl: Out-of-bounds write caused by unchecked errors in
BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks
(CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication
(CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64
(CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2016-6306 and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear
Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306."
);
# https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b2e43da2"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2018:2185"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-2182"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-4975"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-6302"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-6306"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2016-7055"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-3731"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-3732"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-3736"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-3737"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-3738"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_auth_kerb-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_rt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/16");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/18");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2018:2185";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL7", reference:"jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-1.6.3-14.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-httpd-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", reference:"jbcs-httpd24-httpd-manual-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_session-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-1.0.2n-11.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el7")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jbcs-httpd24-apache-commons-daemon / etc");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | jbcs-httpd24-apache-commons-daemon | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon |
redhat | enterprise_linux | jbcs-httpd24-apache-commons-daemon-jsvc | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc |
redhat | enterprise_linux | jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo |
redhat | enterprise_linux | jbcs-httpd24-apr | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr |
redhat | enterprise_linux | jbcs-httpd24-apr-debuginfo | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo |
redhat | enterprise_linux | jbcs-httpd24-apr-devel | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel |
redhat | enterprise_linux | jbcs-httpd24-apr-util | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util |
redhat | enterprise_linux | jbcs-httpd24-apr-util-debuginfo | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo |
redhat | enterprise_linux | jbcs-httpd24-apr-util-devel | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel |
redhat | enterprise_linux | jbcs-httpd24-apr-util-ldap | p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738
www.nessus.org/u?b2e43da2
access.redhat.com/errata/RHSA-2018:2185
access.redhat.com/security/cve/cve-2016-2182
access.redhat.com/security/cve/cve-2016-4975
access.redhat.com/security/cve/cve-2016-6302
access.redhat.com/security/cve/cve-2016-6306
access.redhat.com/security/cve/cve-2016-7055
access.redhat.com/security/cve/cve-2017-3731
access.redhat.com/security/cve/cve-2017-3732
access.redhat.com/security/cve/cve-2017-3736
access.redhat.com/security/cve/cve-2017-3737
access.redhat.com/security/cve/cve-2017-3738