Elasticsearch 6.4.0, 6.4.1, 6.4.2 Information Disclosure Vulnerability - Linux

# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if( description )
{
  script_oid("1.3.6.1.4.1.25623.1.0.113297");
  script_version("2024-02-15T05:05:40+0000");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"creation_date", value:"2018-11-13 15:00:33 +0200 (Tue, 13 Nov 2018)");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-09 23:36:00 +0000 (Wed, 09 Oct 2019)");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2018-17244");

  script_name("Elasticsearch 6.4.0, 6.4.1, 6.4.2 Information Disclosure Vulnerability - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_elastic_elasticsearch_detect_http.nasl", "os_detection.nasl");
  script_mandatory_keys("elastic/elasticsearch/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"Elasticsearch is prone to an information disclosure vulnerability.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"A request may receive headers intended for another request if the same
  username is being authenticated concurrently. When used with run as,
  this can result in the request running as the incorrect user. This
  could allow a user to access information that they should not have access to.");
  script_tag(name:"affected", value:"Elasticsearch versions 6.4.0, 6.4.1 and 6.4.2.");
  script_tag(name:"solution", value:"Update to version 6.4.3.");

  script_xref(name:"URL", value:"https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594");

  exit(0);
}

CPE = "cpe:/a:elastic:elasticsearch";

include( "host_details.inc" );
include( "version_func.inc" );

if( ! port = get_app_port( cpe: CPE ) ) exit( 0 );
if( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );

if( version_in_range( version: version, test_version: "6.4.0", test_version2: "6.4.2" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "6.4.3" );
  security_message( data: report, port: port );
  exit( 0 );
}

exit( 99 );