| Title | Published | Views | Reporter |
|---|---|---|---|
| Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs | 26 Mar 2025 03:38 | – | ibm |
| Security Bulletin: Eclipse Vert.x-Web component is vulnerable to CVE-2023-24815 is used by IBM Maximo Application Suite | 6 Sep 2023 17:51 | – | ibm |
| Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2023 | 1 Sep 2023 19:56 | – | ibm |
| CVE-2023-24815 | 10 Feb 2023 03:27 | – | circl |
| Eclipse Vertx-web path traversal vulnerability | 9 Feb 2023 00:00 | – | cnnvd |
| CVE-2023-24815 | 9 Feb 2023 17:36 | – | cve |
| CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web | 9 Feb 2023 17:36 | – | cvelist |
| EUVD-2023-0626 | 3 Oct 2025 20:07 | – | euvd |
| StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route | 10 Feb 2023 03:27 | – | github |
| CVE-2023-24815 | 9 Feb 2023 18:15 | – | nvd |

| Source | Link |
|---|---|
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |

```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(227017);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/05");

  script_cve_id("CVE-2023-24815");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-24815");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- Vert.x-Web is a set of building blocks for building web applications in the java programming language.
When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems
and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class
path resource. When computing the relative path to locate the resource, in case of wildcards, the code:
`return / + rest;` from `Utils.java` returns the user input (without validation) as the segment to
lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not
sanitized `\` are not properly handled and an attacker can build a path that is valid within the
classpath. This issue only affects users deploying in windows environments and upgrading is the advised
remediation path. There are no known workarounds for this vulnerability. (CVE-2023-24815)
Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-24815");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  "metadata": {
    "spec_version": "1.0p"
  },
  "requires": [
    {
      "scope": "scan_config",
      "match": {
        "vendor_unpatched": true
      }
    },
    {
      "scope": "target",
      "match": {
        "os": "linux"
      }
    }
  ],
  "report": {
    "report_type": "unpatched"
  },
  "checks": [
    {
      "product": {
        "name": "vertx-web",
        "type": "rpm_package"
      },
      "check_algorithm": "rpm",
      "constraints": [
        {
          "requires": [
            {
              "scope": "target",
              "match": {
                "distro": "redhat"
              }
            },
            {
              "scope": "target",
              "match": {
                "os_version": "6"
              }
            }
          ]
        }
      ]
    }
  ]
};

var vdf_res = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result: vdf_res);
```