CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
EPSS
Percentile: 99.5%
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4035 advisory.
WebKitGTK+ is a port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:4035. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(143094);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id(
"CVE-2019-6237",
"CVE-2019-6251",
"CVE-2019-8506",
"CVE-2019-8524",
"CVE-2019-8535",
"CVE-2019-8536",
"CVE-2019-8544",
"CVE-2019-8551",
"CVE-2019-8558",
"CVE-2019-8559",
"CVE-2019-8563",
"CVE-2019-8571",
"CVE-2019-8583",
"CVE-2019-8584",
"CVE-2019-8586",
"CVE-2019-8587",
"CVE-2019-8594",
"CVE-2019-8595",
"CVE-2019-8596",
"CVE-2019-8597",
"CVE-2019-8601",
"CVE-2019-8607",
"CVE-2019-8608",
"CVE-2019-8609",
"CVE-2019-8610",
"CVE-2019-8611",
"CVE-2019-8615",
"CVE-2019-8619",
"CVE-2019-8622",
"CVE-2019-8623",
"CVE-2019-8625",
"CVE-2019-8644",
"CVE-2019-8649",
"CVE-2019-8658",
"CVE-2019-8666",
"CVE-2019-8669",
"CVE-2019-8671",
"CVE-2019-8672",
"CVE-2019-8673",
"CVE-2019-8674",
"CVE-2019-8676",
"CVE-2019-8677",
"CVE-2019-8678",
"CVE-2019-8679",
"CVE-2019-8680",
"CVE-2019-8681",
"CVE-2019-8683",
"CVE-2019-8684",
"CVE-2019-8686",
"CVE-2019-8687",
"CVE-2019-8688",
"CVE-2019-8689",
"CVE-2019-8690",
"CVE-2019-8707",
"CVE-2019-8710",
"CVE-2019-8719",
"CVE-2019-8720",
"CVE-2019-8726",
"CVE-2019-8733",
"CVE-2019-8735",
"CVE-2019-8743",
"CVE-2019-8763",
"CVE-2019-8764",
"CVE-2019-8765",
"CVE-2019-8766",
"CVE-2019-8768",
"CVE-2019-8769",
"CVE-2019-8771",
"CVE-2019-8782",
"CVE-2019-8783",
"CVE-2019-8808",
"CVE-2019-8811",
"CVE-2019-8812",
"CVE-2019-8813",
"CVE-2019-8814",
"CVE-2019-8815",
"CVE-2019-8816",
"CVE-2019-8819",
"CVE-2019-8820",
"CVE-2019-8821",
"CVE-2019-8822",
"CVE-2019-8823",
"CVE-2019-8835",
"CVE-2019-8844",
"CVE-2019-8846",
"CVE-2019-11070",
"CVE-2020-3862",
"CVE-2020-3864",
"CVE-2020-3865",
"CVE-2020-3867",
"CVE-2020-3868",
"CVE-2020-3885",
"CVE-2020-3894",
"CVE-2020-3895",
"CVE-2020-3897",
"CVE-2020-3899",
"CVE-2020-3900",
"CVE-2020-3901",
"CVE-2020-3902",
"CVE-2020-10018",
"CVE-2020-11793",
"CVE-2021-30666",
"CVE-2021-30761",
"CVE-2021-30762"
);
script_bugtraq_id(
109328,
109329,
108497,
108566
);
script_xref(name:"RHSA", value:"2020:4035");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/25");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/13");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
script_name(english:"RHEL 7 : webkitgtk4 (RHSA-2020:4035)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2020:4035 advisory.
WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages
provide WebKitGTK+ for GTK+ 3.
The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)
Security Fix(es):
* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524,
CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563,
CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595,
CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610,
CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673,
CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681,
CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690,
CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735,
CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,
CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813,
CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822,
CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864,
CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897,
CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes
linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_4035.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?32bbce1d");
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dd3afe18");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:4035");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1667409");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1709289");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719199");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719209");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719210");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719213");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719224");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719231");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719235");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719237");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719238");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1811721");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1816678");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1816684");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1816686");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1817144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1829369");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876463");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876465");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876470");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876472");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876473");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876476");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876521");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876536");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876537");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876540");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876545");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876548");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876549");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876550");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876552");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876553");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876555");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876590");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876591");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876592");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876593");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876594");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876607");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876608");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876609");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876612");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876613");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876614");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876615");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876617");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876619");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876626");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876628");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876630");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876632");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876634");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876643");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876644");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876647");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876652");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876653");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876655");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876656");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876657");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876664");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876880");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876881");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876882");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876883");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876887");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876891");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876892");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876893");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876894");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876895");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876897");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876898");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876899");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1876900");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1877045");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1877046");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1877047");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1877048");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1877049");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3899");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-10018");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_cwe_id(20, 79, 94, 119, 200, 400, 416);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk4-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk4-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk4-jsc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk4-jsc-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
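include('rpm.inc');
include('rhel.inc');
# This is a local (credentialed) check: stop if local checks are not enabled for the host.
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Confirm the target reports itself as Red Hat and extract the release number from the release string.
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
# Stop unless the detected release passes the 'ge' comparison against RHEL 7.
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
# The package comparison below needs the installed RPM list from the knowledge base.
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
# Only x86_64, i386-i686, s390, aarch64 and ppc CPU strings are handled; anything else is audited out.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);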
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',
'content/dist/rhel/client/7/7.9/x86_64/debug',
'content/dist/rhel/client/7/7.9/x86_64/optional/debug',
'content/dist/rhel/client/7/7.9/x86_64/optional/os',
'content/dist/rhel/client/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/7/7.9/x86_64/os',
'content/dist/rhel/client/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/client/7/7Client/x86_64/debug',
'content/dist/rhel/client/7/7Client/x86_64/optional/debug',
'content/dist/rhel/client/7/7Client/x86_64/optional/os',
'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/7/7Client/x86_64/os',
'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/debug',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/os',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',
'content/dist/rhel/power/7/7.9/ppc64/debug',
'content/dist/rhel/power/7/7.9/ppc64/optional/debug',
'content/dist/rhel/power/7/7.9/ppc64/optional/os',
'content/dist/rhel/power/7/7.9/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/7/7.9/ppc64/os',
'content/dist/rhel/power/7/7.9/ppc64/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/debug',
'content/dist/rhel/power/7/7Server/ppc64/optional/debug',
'content/dist/rhel/power/7/7Server/ppc64/optional/os',
'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/os',
'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/debug',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/debug',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/os',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/optional/debug',
'content/dist/rhel/server/7/7.9/x86_64/optional/os',
'content/dist/rhel/server/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/os',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/debug',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/os',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/debug',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/optional/debug',
'content/dist/rhel/server/7/7Server/x86_64/optional/os',
'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/os',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/debug',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/debug',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/os',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/optional/debug',
'content/dist/rhel/system-z/7/7.9/s390x/optional/os',
'content/dist/rhel/system-z/7/7.9/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/os',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/debug',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/os',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/debug',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',
'content/dist/rhel/system-z/7/7Server/s390x/optional/os',
'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/os',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',
'content/dist/rhel/workstation/7/7.9/x86_64/debug',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/debug',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/os',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/7/7.9/x86_64/os',
'content/dist/rhel/workstation/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',
'content/fastrack/rhel/client/7/x86_64/debug',
'content/fastrack/rhel/client/7/x86_64/optional/debug',
'content/fastrack/rhel/client/7/x86_64/optional/os',
'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/client/7/x86_64/os',
'content/fastrack/rhel/client/7/x86_64/source/SRPMS',
'content/fastrack/rhel/computenode/7/x86_64/debug',
'content/fastrack/rhel/computenode/7/x86_64/optional/debug',
'content/fastrack/rhel/computenode/7/x86_64/optional/os',
'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/computenode/7/x86_64/os',
'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',
'content/fastrack/rhel/power/7/ppc64/debug',
'content/fastrack/rhel/power/7/ppc64/optional/debug',
'content/fastrack/rhel/power/7/ppc64/optional/os',
'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',
'content/fastrack/rhel/power/7/ppc64/os',
'content/fastrack/rhel/power/7/ppc64/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/debug',
'content/fastrack/rhel/server/7/x86_64/highavailability/debug',
'content/fastrack/rhel/server/7/x86_64/highavailability/os',
'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/optional/debug',
'content/fastrack/rhel/server/7/x86_64/optional/os',
'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/os',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/source/SRPMS',
'content/fastrack/rhel/system-z/7/s390x/debug',
'content/fastrack/rhel/system-z/7/s390x/optional/debug',
'content/fastrack/rhel/system-z/7/s390x/optional/os',
'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',
'content/fastrack/rhel/system-z/7/s390x/os',
'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',
'content/fastrack/rhel/workstation/7/x86_64/debug',
'content/fastrack/rhel/workstation/7/x86_64/optional/debug',
'content/fastrack/rhel/workstation/7/x86_64/optional/os',
'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/workstation/7/x86_64/os',
'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-2.28.2-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-devel-2.28.2-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-doc-2.28.2-2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-2.28.2-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'webkitgtk4-jsc-devel-2.28.2-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
# Work out which of the repositories listed in the constraints are enabled on the host.
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if (applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

# flag counts the package entries for which rpm_check() returns true.
var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    # Reset every per-package field so values do not carry over from the previous entry.
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    # An entry is checked only when it names a reference build and a release and passes the repository check.
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  # When no applicable repository could be determined, append the repository caveat to the report.
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : extra
  );
  exit(0);
}
else
{
  # Nothing flagged: audit as not affected if packages were tested, otherwise as not installed.
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkitgtk4 / webkitgtk4-devel / webkitgtk4-doc / webkitgtk4-jsc / etc');
}