Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1419)

2019-05-3100:00:00

www.tenable.com

The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities:

- A bug in the handling of the pipelined requests in       Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12,       8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to       6.0.52, when send file was used, results in the       pipelined request being lost when send file processing       of the previous request completed. This could result       in responses appearing to be sent for the wrong       request. (CVE-2017-5647)

- The error page mechanism of the Java Servlet       Specification requires that, when an error occurs       and an error page is configured for the error that       occurred, the original request and response are       forwarded to the error page. This means that the       request is presented to the error page with the       original HTTP method. If the error page is a       static file, expected behaviour is to serve       content of the file as if processing a GET       request, regardless of the actual HTTP method.
  (CVE-2017-5664)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{ 
  script_id(125633);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/30 13:24:46");

  script_cve_id("CVE-2017-5647", "CVE-2017-5664");
  script_bugtraq_id(98888);

  script_name(english:"Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1419)");
  script_summary(english:"Checks the version of Symantec Content Analysis");

  script_set_attribute(attribute:"synopsis", value:
  "The remote host is running a version of Symantec Content Analysis that is
  affected by Multiple Vulnerabilities");
    script_set_attribute(attribute:"description", value:
  "The version of Symantec Content Analysis running on the
  remote host is prior to version 2.3.5.1. It is, therefore,
  affected by multiple vulnerabilities:

    - A bug in the handling of the pipelined requests in
      Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12,
      8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to
      6.0.52, when send file was used, results in the
      pipelined request being lost when send file processing
      of the previous request completed. This could result
      in responses appearing to be sent for the wrong
      request. (CVE-2017-5647)

    - The error page mechanism of the Java Servlet
      Specification requires that, when an error occurs
      and an error page is configured for the error that
      occurred, the original request and response are
      forwarded to the error page. This means that the
      request is presented to the error page with the
      original HTTP method. If the error page is a
      static file, expected behaviour is to serve
      content of the file as if processing a GET
      request, regardless of the actual HTTP method.
      (CVE-2017-5664)");
    # https://support.symantec.com/en_US/article.SYMSA1419.html
    script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7de884b8");
    script_set_attribute(attribute:"solution", value:
  "Refer to vendor advisory (Symantec SYMSA1419) for suggested
  workaround, or upgrade to an unaffected version.");
    script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
    script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
    script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5664");
    script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

    script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
    script_set_attribute(attribute:"patch_publication_date", value:"2017/11/01");
    script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/31");

    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"x-cpe:/h:symantec:content_analysis");
    script_set_attribute(attribute:"cpe", value:"x-cpe:/h:bluecoat:content_analysis");
    script_end_attributes();

    script_category(ACT_GATHER_INFO);
    script_family(english:"Misc.");

    script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

    script_dependencies("symantec_content_analysis_local_detect.nbin");
    script_require_keys("installed_sw/Symantec Content Analysis");

    exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('vcf.inc');

app_name = 'Symantec Content Analysis';

app_info = vcf::get_app_info(app:app_name, port:0);

constraints = [
  {'min_version': '1.3', 'max_version': '1.4', 'fixed_display': 'Refer to vendor advisory.' },
  {'min_version': '2.1', 'max_version': '2.2', 'fixed_display': 'Refer to vendor advisory.' },
  {'min_version': '2.2', 'max_version': '2.3', 'fixed_display': 'Refer to vendor advisory.' },
  {'min_version': '2.3', 'fixed_version' : '2.3.5.1'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

VendorProductVersionCPE
symanteccontent_analysisx-cpe:/h:symantec:content_analysis
bluecoatcontent_analysisx-cpe:/h:bluecoat:content_analysis

Vendor	Product	Version	CPE
symantec	content_analysis		x-cpe:/h:symantec:content_analysis
bluecoat	content_analysis		x-cpe:/h:bluecoat:content_analysis

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664

www.nessus.org/u?7de884b8

JSON

Related for SYMANTEC_CONTENT_ANALYSIS_SYMSA1419.NASL