Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2023-0554.NASL
HistoryJan 31, 2023 - 12:00 a.m.

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0554)

2023-01-3100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
97
JSON

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0554 advisory.

  • jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  • bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  • nodejs-moment: Regular expression denial of service (CVE-2017-18214)

  • bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

  • bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)

  • bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

  • jquery: Prototype pollution in object’s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

  • bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

  • jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  • jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)

  • wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)

  • jettison: parser crash by stackoverflow (CVE-2022-40149)

  • jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)

  • woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

  • jettison: If the value in map is the map’s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)

  • Apache CXF: SSRF Vulnerability (CVE-2022-46364)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:0554. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(170911);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/02");

  script_cve_id(
    "CVE-2015-9251",
    "CVE-2016-10735",
    "CVE-2017-18214",
    "CVE-2018-14040",
    "CVE-2018-14041",
    "CVE-2018-14042",
    "CVE-2019-8331",
    "CVE-2019-11358",
    "CVE-2020-11022",
    "CVE-2020-11023",
    "CVE-2022-3143",
    "CVE-2022-40149",
    "CVE-2022-40150",
    "CVE-2022-40152",
    "CVE-2022-42003",
    "CVE-2022-42004",
    "CVE-2022-45047",
    "CVE-2022-45693",
    "CVE-2022-46364"
  );
  script_xref(name:"RHSA", value:"2023:0554");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0554)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2023:0554 advisory.

  - jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

  - bootstrap: XSS in the data-target attribute (CVE-2016-10735)

  - nodejs-moment: Regular expression denial of service (CVE-2017-18214)

  - bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

  - bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)

  - bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

  - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or
    property injection (CVE-2019-11358)

  - bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

  - jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

  - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
    (CVE-2020-11023)

  - wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)

  - jettison: parser crash by stackoverflow (CVE-2022-40149)

  - jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)

  - woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)

  - jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

  - jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  - mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

  - jettison:  If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError
    which may lead to dos (CVE-2022-45693)

  - Apache CXF: SSRF Vulnerability (CVE-2022-46364)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2015-9251");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2016-10735");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2017-18214");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-14040");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-14041");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-14042");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-8331");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11358");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11022");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11023");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-3143");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-40149");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-40150");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-40152");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-42003");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-42004");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-45047");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-45693");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-46364");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:0554");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1399546");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1553413");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1601614");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1601616");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1601617");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1668097");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1686454");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1701972");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1828406");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1850004");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2124682");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2134291");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2135244");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2135247");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2135770");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2135771");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2145194");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2155682");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/2155970");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11023");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-46364");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79, 121, 208, 400, 502, 787, 918);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-apache-sshd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-backend-jgroups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-backend-jms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-engine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-orm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-serialization-avro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-javaee-security-soteria");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-javaee-security-soteria-enterprise");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-jettison");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-woodstox-core");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel9/x86_64/jbeap/7.4/debug',
      'content/dist/layered/rhel9/x86_64/jbeap/7.4/os',
      'content/dist/layered/rhel9/x86_64/jbeap/7.4/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'eap7-apache-sshd-2.9.2-1.redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hal-console-3.3.16-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hibernate-search-5.10.13-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hibernate-search-backend-jgroups-5.10.13-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hibernate-search-backend-jms-5.10.13-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hibernate-search-engine-5.10.13-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hibernate-search-orm-5.10.13-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-hibernate-search-serialization-avro-5.10.13-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-common-api-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-common-impl-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-common-spi-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-core-api-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-core-impl-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-deployers-common-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-jdbc-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-ironjacamar-validator-1.5.10-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-annotations-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-core-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-databind-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-datatype-jdk8-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-datatype-jsr310-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-jaxrs-base-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-jaxrs-json-provider-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-module-jaxb-annotations-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-modules-base-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jackson-modules-java8-2.12.7-1.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-javaee-security-soteria-1.0.1-3.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-javaee-security-soteria-enterprise-1.0.1-3.redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-ejb-client-4.0.49-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-jsf-api_2.3_spec-3.0.0-6.SP07_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-jsp-api_2.3_spec-2.0.0-3.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-remoting-5.0.27-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-server-migration-1.10.0-24.Final_redhat_00023.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-server-migration-cli-1.10.0-24.Final_redhat_00023.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jboss-server-migration-core-1.10.0-24.Final_redhat_00023.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-jettison-1.5.2-1.redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-undertow-2.2.22-1.SP3_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-undertow-server-1.9.3-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-wildfly-7.4.9-4.GA_redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-wildfly-elytron-1.15.16-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-wildfly-elytron-tool-1.15.16-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-wildfly-javadocs-7.4.9-4.GA_redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-wildfly-modules-7.4.9-4.GA_redhat_00003.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},
      {'reference':'eap7-woodstox-core-6.4.0-1.redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get() + redhat_report_package_caveat();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-apache-sshd / eap7-hal-console / eap7-hibernate-search / etc');
}
VendorProductVersionCPE
redhatenterprise_linux9cpe:/o:redhat:enterprise_linux:9
redhatenterprise_linuxeap7-apache-sshdp-cpe:/a:redhat:enterprise_linux:eap7-apache-sshd
redhatenterprise_linuxeap7-hal-consolep-cpe:/a:redhat:enterprise_linux:eap7-hal-console
redhatenterprise_linuxeap7-hibernate-searchp-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search
redhatenterprise_linuxeap7-hibernate-search-backend-jgroupsp-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-backend-jgroups
redhatenterprise_linuxeap7-hibernate-search-backend-jmsp-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-backend-jms
redhatenterprise_linuxeap7-hibernate-search-enginep-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-engine
redhatenterprise_linuxeap7-hibernate-search-ormp-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-orm
redhatenterprise_linuxeap7-hibernate-search-serialization-avrop-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-serialization-avro
redhatenterprise_linuxeap7-ironjacamarp-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar
Rows per page:
1-10 of 391

References

Related

redhat 18
nessus 43
hackerone 1
amazon 2
ics 1
ibm 73
almalinux 2
centos 1
oraclelinux 4
osv 11
rocky 2
laminas 1
atlassian 6
altlinux 1
rubygems 1
ubuntu 1
debian 4
jvn 1
github 3
f5 1
ubuntucve 1
debiancve 1
cve 1
prion 1
gitlab 1
checkpoint_advisories 1
openvas 6
gentoo 1
hp 1
fedora 1
attackerkb 2
joomla 1
suse 1
githubexploit 2
drupal 1
redhat
redhat
(RHSA-2023:0553) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:04:53
(RHSA-2023:0554) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:05:09
(RHSA-2023:0552) Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
2023-01-31 13:04:41
nessus
nessus
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0552)
2023-01-31 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.9 Security update (Important) (RHSA-2023:0553)
2023-01-31 00:00:00
Oracle Linux 7 : ipa (ELSA-2020-3936)
2023-09-07 00:00:00
hackerone
hackerone
Sifchain: Vulnerable javascript dependency at Main domain
2021-05-07 20:48:11
amazon
amazon
Medium: ipa
2020-10-22 17:40:00
Important: jettison
2023-06-07 23:52:00
ics
ics
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
ibm
ibm
Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)
2023-02-01 21:57:35
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
2023-04-19 17:26:48
Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)
2023-01-05 15:14:50
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
oraclelinux
oraclelinux
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
osv
osv
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
libjettison-java vulnerabilities
2023-06-19 11:39:43
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
laminas
laminas
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
2021-02-16 18:28:38
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
rubygems
rubygems
XSS vulnerabilities via data-parent, data-target, data-container in bootstrap
2018-07-02 21:00:00
ubuntu
ubuntu
Jettison vulnerabilities
2023-06-19 00:00:00
debian
debian
[SECURITY] [DSA 5312-1] libjettison-java security update
2023-01-10 23:10:35
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
jvn
jvn
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
2019-03-15 00:00:00
github
github
Bootstrap Cross-site Scripting vulnerability
2018-09-13 15:50:32
Bootstrap Cross-site Scripting vulnerability
2018-09-13 15:49:56
Bootstrap Cross-site Scripting vulnerability
2019-01-17 13:57:27
f5
f5
K000133673 : Bootstrap vulnerability CVE-2016-10735
2023-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2016-10735
2019-01-09 00:00:00
debiancve
debiancve
CVE-2016-10735
2019-01-09 05:29:00
cve
cve
CVE-2016-10735
2019-01-09 05:29:00
prion
prion
Code injection
2019-01-09 05:29:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2019-01-09 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
openvas
openvas
Drupal 7.x, 8.x jQuery XSS Vulnerabilities (SA-CORE-2020-002) (Linux)
2020-06-19 00:00:00
Fedora: Security Advisory for drupal8 (FEDORA-2020-36d2db5f51)
2020-06-23 00:00:00
Discourse < 2.5.0.beta5 Multiple Vulnerabilities
2020-05-28 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
attackerkb
attackerkb
CVE-2020-11023
2020-04-29 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
JSON
Related for REDHAT-RHSA-2023-0554.NASL
redhat18nessus43hackerone1amazon2ics1ibm73almalinux2centos1oraclelinux4osv11rocky2laminas1atlassian6altlinux1rubygems1ubuntu1debian4jvn1github3f51ubuntucve1debiancve1cve1prion1gitlab1checkpoint_advisories1openvas6gentoo1hp1fedora1attackerkb2joomla1suse1githubexploit2drupal1