{"id": "OPENVAS:1361412562310851734", "type": "openvas", "bulletinFamily": "scanner", "title": "openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:1057-1)", "description": "The remote host is missing an update for the ", "published": "2018-04-25T00:00:00", "modified": "2020-01-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851734", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781", "https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00069.html", "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "2018:1057-1"], "cvelist": ["CVE-2018-2836", "CVE-2017-9798", "CVE-2018-2860", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2845", "CVE-2017-3737", "CVE-2018-2837", "CVE-2018-0739", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2843"], "lastseen": "2020-01-31T17:40:05", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY25.ASC", "OPENSSL_ADVISORY26.ASC"]}, {"type": "amazon", "idList": ["ALAS-2017-896", "ALAS-2018-1016", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-1102", "ALAS2-2018-1004", "ALAS2-2018-1102"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201709-15", "ASA-201712-11", "ASA-201804-2"]}, {"type": "attackerkb", "idList": ["AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "centos", "idList": ["CESA-2017:2882", "CESA-2017:2972", "CESA-2018:0998", "CESA-2018:3090", "CESA-2018:3221"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0774", "CPAI-2017-0896"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2017-15896", "CVE-2017-3737", "CVE-2017-9798", "CVE-2018-0739", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1102-1:511F7", "DEBIAN:DLA-1102-1:7F277", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DSA-3980-1:6FBEB", "DEBIAN:DSA-3980-1:C7ED3", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA", "DEBIAN:DSA-4158-1:43C61", "DEBIAN:DSA-4158-1:561AF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-15896", "DEBIANCVE:CVE-2017-3737", "DEBIANCVE:CVE-2017-9798", "DEBIANCVE:CVE-2018-0739", "DEBIANCVE:CVE-2018-2830", "DEBIANCVE:CVE-2018-2831", "DEBIANCVE:CVE-2018-2835", "DEBIANCVE:CVE-2018-2836", "DEBIANCVE:CVE-2018-2837", "DEBIANCVE:CVE-2018-2842", "DEBIANCVE:CVE-2018-2843", "DEBIANCVE:CVE-2018-2844", "DEBIANCVE:CVE-2018-2845", "DEBIANCVE:CVE-2018-2860"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745", "EDB-ID:45372"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D", "EXPLOITPACK:D9276C7F60D6CECB06FC28389FF1B36D"]}, {"type": "f5", "idList": ["F5:K08044291", "F5:K18364001", "F5:K43452233", "F5:K70084351"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:092E9605F081", "FEDORA:63AEC601CFBA", "FEDORA:68D44601BD0C", "FEDORA:7B564604AACC", "FEDORA:A9847604E850", "FEDORA:ACC466324C7C", "FEDORA:B4E3C6062CB4", "FEDORA:B5C736087A8D", "FEDORA:B98866076020", "FEDORA:BFACF60A35B3"]}, {"type": "freebsd", "idList": ["3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "76B085E2-9D33-11E7-9260-000C292EE6B8", "909BE51B-9B3B-11E8-ADD2-B499BAEBFEAF", "9F7A0F39-DDC0-11E7-B5AF-A4BADB2F4699", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21"]}, {"type": "gentoo", "idList": ["GLSA-201710-32", "GLSA-201712-03", "GLSA-201805-08", "GLSA-201811-21", "GLSA-202007-53"]}, {"type": "hackerone", "idList": ["H1:269568"]}, {"type": "httpd", "idList": ["HTTPD:6236A32987BAE49DFBF020477B1278DD", "HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180613-01-OPENSSL"]}, {"type": "ibm", "idList": ["0A251B57941452CDFD64C031582A8D13D6719AEDB99EBF965740CC5E04A717D6", "0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "0D7A334726D7F8214BDF965C6B0ED351221CB7A9A083042878EB2C3CB193A50A", "0EB149242AF86C92359FD2819FE5CA2FA94AAA9A6E3A7381956968DD540CEF70", "12C657CCB040A2D71F5E7B37692A10A6A4BAA07FBFEAADA8E6F9A5BCFCFD9FAB", "15B7946476C14969EFBB158D48A2E631603F1323E17E2D4BDC13FB3B86B3B63B", "17334E2B2E377127A3DB9D8D2B3D751E05E47C0A957D29E8C9C6DB01E922B894", "1AE3C39E2B04171FD23F21949F6202B367042F6DC07FB81BDC1E886F25C20936", "1D18DE555FB91F29F8BBC3532E15A21A7A5DE61EF8C2DB29C73E6BDCF4F0E604", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1F0E769E02EDA03664C1D0694AF70B26BFB7E4DBC4D96E353B0F8FCBDA767545", "21781046737819F9BECB0172803EAC75FA331A489C94879B0B9D69C572F33FCF", "2571018C4333BB3F6C19EC9F2B6BB5326A2BDD39E6D8AFC796E89DE41BBABC6B", "2BEBB38964CEA4B62F9F2515093252761533127501B62DEFAAC8D801CC37ED8F", "3495F9B812339D5B1BD78637C1F420145AAD93AFB44B6E35782DE0160CF7211B", "381B76F53A26572A7C476380F44421473D669346B3F00F995B318188F2D2B793", "38CCAB39CAFB6C2CE3724A92B67DF0EB31883A90C9A3CCC11561802DAE51A944", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "3F709EA726EB2BD99A9BF0A52B5FBF758B042727BAB188CBB7DC446E3FE28E4C", "40E849000289F14BA4EAA8A0BFBD0324AC59A18BA17D9C7411EF7F2C82E2F403", "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "5F372B6F223ABF2FD142C3E3D01925FD31F6969DB13DA5F9B4220059E5854A64", "62E7A719C331FCAB47075BA0B9A2AFE666ABEF25DA19EDB1572CD3B9D2B9095E", "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "75AE9D4CB9FE02C082FC4424DBD420EA2EAC4CD4BCE0C4E376DC8DEE1119F8D3", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "825B52995DBE90672BBA09CCFBDD51925814B984495E8E740D466D1C921FE61C", "853CEBE4F06FD3A5C0463E8330A070AE32FCC86552F66DF27BFA39F37FB08C35", "86D355F68F85D65B3FD45457F96CAF7864164018AA27439D7F53F3145DFF6AB4", "8759A08F8DCE05EB5B0136A785BCAFCDBFE613A7D435C0FA20FDB4424A7CAC70", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09", "94533C1AEDE627C97E171FC1339661B263CF1EA6678274080F922CA0E372274C", "94B3EC63956148268E5D16E07FE76E71DA01EB7625BA7498384CCAD5794DE007", "9689CC781FFB77A68D0808F73F4652707DF84089948BC46748A94D94E9B86E90", "972701C7DC1452FBCF01B7BFE4A7289076C9DC38C28E80665321248205EAAF12", "99C4FE5226D6D4C3DFB065D997F2D2D168A50F2B090813B4AFFCC6BF971F9576", "A4829964562D4DA75AC835389538AF91BE820F503BFE614BB74E402BC80BACA1", "B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC", "B37FB96EE4FA4B06328DA641D49120233F6F6FC031E87E5A21A71F34BB882B42", "B5FF3A0A4BEBE5C4947ADA43EB1B39C0645EF9ABEBE4A315AFFAEB9638C6CB41", "C31436DA6C1FDD78E2ECB68688AFD20C432119CDF718A53729D0F429AE0174AA", "C493462547813E2D896F759039078514A13F0934C26044CBC7F658187CF3E4C0", "C52E4F43633A26DE3EC912F6665C082BAA08696723A69DA841FA0065F135AD79", "C88FD4D469A35327F18A441E0F6F16137E5E2FA23925AE0EC11E2F76B3D0967E", "CBAD9A5D72D7476363185541BD693344F4EEB28C6708F8A48B2849B3FD618351", "CC5089F9744A6B5AF776C8A1234A9BCA32E0798D396B5C631C8D215B02EA08AB", "CD1271F65919F0A27ABAC5D2FB90AF847030089BEFBA36FA40622E14F85284D4", "CF5AE1AC4D7F12352FB77F91CC5048FC41163311A15377504B06C6A053ADC4D7", "CF99691D618EB1EA9A8A075EF91665712165EA871FA9FCC7A423963F869D124A", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "DAD5A8456E75C3E0D61A94AD852443D8D2F457AD466BC30FEDC9E8F6256B0E5E", "E321CD2FAD2352A58756D698FB9F6AEEA2D5866CC41E10025794D036A188BF76", "E515D9AE5ED3FEB7BDBAF35D90286D2E963A5E50F83A19555DC0BA545BE5A8E7", "E79BC6C34DAD829FAB4182BB79212B7400A2BCB673A1FFCDE7E446FA6EFAF11B", "E8A9D3E9EB263B8252AC392A110C5699C152EBE388EA85E79DC45D6A3DA9A738", "F09AD94B48DEE6804F3C9AEE48EB9BA274CE6A40FCE684B18CF3D4B1944D4CCE", "FD54ED57D0984C8885C877F9181732A5619A1E525F7855FB4A72EC63053B7375", "FD98647DA723C33CDEC38C52B57AE83B49EBDE217212120E05428E998223B712", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "ics", "idList": ["ICSA-18-226-02"]}, {"type": "kaspersky", "idList": ["KLA11236"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "mageia", "idList": ["MGASA-2017-0453", "MGASA-2018-0007", "MGASA-2018-0009", "MGASA-2018-0190", "MGASA-2018-0257", "MGASA-2018-0339"]}, {"type": "nessus", "idList": ["700513.PRM", "700523.PRM", "700620.PRM", "700625.PRM", "700627.PRM", "700629.PRM", "AIX_OPENSSL_ADVISORY25.NASL", "AIX_OPENSSL_ADVISORY26.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1102.NASL", "ALA_ALAS-2017-896.NASL", "ALA_ALAS-2018-1016.NASL", "ALA_ALAS-2018-1065.NASL", "ALA_ALAS-2018-1069.NASL", "ALA_ALAS-2018-1070.NASL", "ALA_ALAS-2018-1102.NASL", "APACHE_2_4_28.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "CENTOS_RHSA-2018-0998.NASL", "CENTOS_RHSA-2018-3090.NASL", "CENTOS_RHSA-2018-3221.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DLA-1330.NASL", "DEBIAN_DSA-3980.NASL", "DEBIAN_DSA-4065.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4158.NASL", "EULEROS_SA-2017-1252.NASL", "EULEROS_SA-2017-1253.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2018-1179.NASL", "EULEROS_SA-2018-1392.NASL", "EULEROS_SA-2018-1420.NASL", "EULEROS_SA-2019-1009.NASL", "EULEROS_SA-2019-1185.NASL", "EULEROS_SA-2019-1201.NASL", "EULEROS_SA-2019-1389.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1419.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2017-FDD3A98E8F.NASL", "FEDORA_2018-1B4F1158E2.NASL", "FEDORA_2018-2F696A3BE3.NASL", "FEDORA_2018-39E0872379.NASL", "FEDORA_2018-40DC8B8B16.NASL", "FEDORA_2018-49651B2236.NASL", "FEDORA_2018-76AFAF1961.NASL", "FEDORA_2018-9490B422E7.NASL", "FEDORA_2018-9D667BDFF8.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "FREEBSD_PKG_909BE51B9B3B11E8ADD2B499BAEBFEAF.NASL", "FREEBSD_PKG_9F7A0F39DDC011E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL", "GENTOO_GLSA-201710-32.NASL", "GENTOO_GLSA-201712-03.NASL", "GENTOO_GLSA-201805-08.NASL", "GENTOO_GLSA-201811-21.NASL", "GENTOO_GLSA-202007-53.NASL", "IBM_HTTP_SERVER_298437.NASL", "IBM_TEM_9_5_10.NASL", "JUNIPER_NSM_JSA10851.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "MYSQL_5_6_39.NASL", "MYSQL_5_6_39_RPM.NASL", "MYSQL_5_6_41_RPM.NASL", "MYSQL_5_7_21.NASL", "MYSQL_5_7_21_RPM.NASL", "MYSQL_5_7_23.NASL", "MYSQL_5_7_23_RPM.NASL", "MYSQL_8_0_12.NASL", "MYSQL_8_0_12_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_4_8.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_4_5233.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0066_OVMF.NASL", "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "OPENSSL_1_0_2N.NASL", "OPENSSL_1_0_2O.NASL", "OPENSSL_1_1_0H.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-361.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-807.NASL", "OPENSUSE-2018-823.NASL", "OPENSUSE-2018-844.NASL", "OPENSUSE-2018-90.NASL", "OPENSUSE-2018-938.NASL", "OPENSUSE-2018-997.NASL", "OPENSUSE-2019-563.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLELINUX_ELSA-2018-3090.NASL", "ORACLELINUX_ELSA-2018-3221.NASL", "ORACLELINUX_ELSA-2018-4228.NASL", "ORACLEVM_OVMSA-2019-0040.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OCT_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JUL_2018.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "ORACLE_TUXEDO_CPU_JUL_2018.NASL", "PALO_ALTO_PAN-SA-2018-0015.NASL", "PFSENSE_SA-17_11.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A_OPENSSL.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-2972.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3193.NASL", "REDHAT-RHSA-2017-3194.NASL", "REDHAT-RHSA-2017-3195.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2017-3476.NASL", "REDHAT-RHSA-2017-3477.NASL", "REDHAT-RHSA-2018-0998.NASL", "REDHAT-RHSA-2018-2185.NASL", "REDHAT-RHSA-2018-2186.NASL", "REDHAT-RHSA-2018-3090.NASL", "REDHAT-RHSA-2018-3221.NASL", "REDHAT-RHSA-2019-0367.NASL", "REDHAT-RHSA-2019-1711.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SLACKWARE_SSA_2017-342-01.NASL", "SLACKWARE_SSA_2018-087-01.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SL_20181030_OPENSSL_ON_SL7_X.NASL", "SL_20181030_OVMF_ON_ON_SL7_X.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2017-2907-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0002-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0293-1.NASL", "SUSE_SU-2018-0902-1.NASL", "SUSE_SU-2018-0906-1.NASL", "SUSE_SU-2018-0925-1.NASL", "SUSE_SU-2018-0975-1.NASL", "SUSE_SU-2018-2072-1.NASL", "SUSE_SU-2018-2158-1.NASL", "SUSE_SU-2018-2683-1.NASL", "SUSE_SU-2020-0495-1.NASL", "UBUNTU_USN-3425-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-3611-1.NASL", "VIRTUALBOX_5_2_10.NASL", "VIRTUOZZO_VZLSA-2017-2972.NASL", "WEB_APPLICATION_SCANNING_98913"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2017-3737", "OPENSSL:CVE-2018-0739"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107260", "OPENVAS:1361412562310107268", "OPENVAS:1361412562310107831", "OPENVAS:1361412562310108252", "OPENVAS:1361412562310112048", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310704158", "OPENVAS:1361412562310812035", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310813302", "OPENVAS:1361412562310813303", "OPENVAS:1361412562310813304", "OPENVAS:1361412562310813712", "OPENVAS:1361412562310813713", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310843401", "OPENVAS:1361412562310843487", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310851840", "OPENVAS:1361412562310851845", "OPENVAS:1361412562310851869", "OPENVAS:1361412562310851888", "OPENVAS:1361412562310852013", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874313", "OPENVAS:1361412562310874318", "OPENVAS:1361412562310874349", "OPENVAS:1361412562310874356", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310874832", "OPENVAS:1361412562310874838", "OPENVAS:1361412562310882784", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310891102", "OPENVAS:1361412562310891330", "OPENVAS:1361412562311220171252", "OPENVAS:1361412562311220171253", "OPENVAS:1361412562311220181115", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220181392", "OPENVAS:1361412562311220181420", "OPENVAS:1361412562311220191009", "OPENVAS:1361412562311220191185", "OPENVAS:1361412562311220191201", "OPENVAS:1361412562311220191389", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191419", "OPENVAS:1361412562311220191546"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2018-3678067", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2882", "ELSA-2017-2972", "ELSA-2018-0998", "ELSA-2018-3090", "ELSA-2018-3221", "ELSA-2018-4077", "ELSA-2018-4228", "ELSA-2018-4229", "ELSA-2018-4267", "ELSA-2019-2471", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-1102-1", "OSV:DLA-1330-1", "OSV:DSA-3980-1", "OSV:DSA-4065-1", "OSV:DSA-4157-1", "OSV:DSA-4158-1"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2017-0077", "PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-0097", "PHSA-2018-1.0-0097-A"]}, {"type": "redhat", "idList": ["RHSA-2017:2882", "RHSA-2017:2972", "RHSA-2017:3018", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3193", "RHSA-2017:3194", "RHSA-2017:3195", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2017:3475", "RHSA-2017:3476", "RHSA-2017:3477", "RHSA-2018:0998", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:3090", "RHSA-2018:3221", "RHSA-2018:3505", "RHSA-2019:0366", "RHSA-2019:0367", "RHSA-2019:1711", "RHSA-2019:1712"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-15896", "RH:CVE-2017-3737", "RH:CVE-2017-9798", "RH:CVE-2018-0739"]}, {"type": "seebug", "idList": ["SSV:96537", "SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2017-261-01", "SSA-2017-342-01", "SSA-2018-087-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:2208-1", "OPENSUSE-SU-2018:2238-1", "OPENSUSE-SU-2018:2293-1", "OPENSUSE-SU-2018:2524-1", "OPENSUSE-SU-2018:2695-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0902-1", "SUSE-SU-2018:0905-1", "SUSE-SU-2018:0906-1", "SUSE-SU-2018:0975-1"]}, {"type": "symantec", "idList": ["SMNTC-1428", "SMNTC-1443", "SMNTC-1457"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3425-1", "USN-3425-2", "USN-3512-1", "USN-3611-1", "USN-3611-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-15896", "UB:CVE-2017-3737", "UB:CVE-2017-9798", "UB:CVE-2018-0739", "UB:CVE-2018-2830", "UB:CVE-2018-2831", "UB:CVE-2018-2835", "UB:CVE-2018-2836", "UB:CVE-2018-2837", "UB:CVE-2018-2842", "UB:CVE-2018-2843", "UB:CVE-2018-2844", "UB:CVE-2018-2845", "UB:CVE-2018-2860"]}, {"type": "zdi", "idList": ["ZDI-18-302", "ZDI-18-303", "ZDI-18-304", "ZDI-18-305", "ZDI-18-782", "ZDI-18-783"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY25.ASC", "OPENSSL_ADVISORY26.ASC"]}, {"type": "amazon", "idList": ["ALAS-2017-896", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS2-2018-1102"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201709-15"]}, {"type": "attackerkb", "idList": ["AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "centos", "idList": ["CESA-2017:2882", "CESA-2017:2972"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0774", "CPAI-2017-0896"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2017-9798", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1102-1:7F277", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DSA-3980-1:C7ED3", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4158-1:43C61"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-9798"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D"]}, {"type": "f5", "idList": ["F5:K18364001", "F5:K43452233", "F5:K70084351"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:092E9605F081", "FEDORA:63AEC601CFBA", "FEDORA:68D44601BD0C", "FEDORA:7B564604AACC", "FEDORA:A9847604E850", "FEDORA:ACC466324C7C", "FEDORA:B4E3C6062CB4", "FEDORA:B5C736087A8D", "FEDORA:B98866076020", "FEDORA:BFACF60A35B3"]}, {"type": "freebsd", "idList": ["76B085E2-9D33-11E7-9260-000C292EE6B8"]}, {"type": "gentoo", "idList": ["GLSA-201710-32", "GLSA-201805-08"]}, {"type": "hackerone", "idList": ["H1:269568"]}, {"type": "httpd", "idList": ["HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180613-01-OPENSSL"]}, {"type": "ibm", "idList": ["0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "kaspersky", "idList": ["KLA11236"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-896.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "CENTOS_RHSA-2018-0998.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DLA-1330.NASL", "DEBIAN_DSA-3980.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4158.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2018-40DC8B8B16.NASL", "FEDORA_2018-76AFAF1961.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "GENTOO_GLSA-201710-32.NASL", "GENTOO_GLSA-201805-08.NASL", "MYSQL_5_6_39.NASL", "OPENSSL_1_0_2N.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-90.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLELINUX_ELSA-2018-4228.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "PFSENSE_SA-17_11.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A_OPENSSL.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-2972.NASL", "REDHAT-RHSA-2019-0367.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SLACKWARE_SSA_2018-087-01.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2018-0975-1.NASL", "UBUNTU_USN-3425-1.NASL", "UBUNTU_USN-3611-1.NASL", "VIRTUALBOX_5_2_10.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108252", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310704158", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310813302", "OPENVAS:1361412562310813303", "OPENVAS:1361412562310813304", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310843487", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874349", "OPENVAS:1361412562310874356", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310891330"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2882", "ELSA-2017-2972", "ELSA-2018-0998", "ELSA-2018-4077", "ELSA-2018-4228", "ELSA-2018-4229"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-1.0-0097-A"]}, {"type": "redhat", "idList": ["RHSA-2017:2882"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-15896"]}, {"type": "seebug", "idList": ["SSV:96537"]}, {"type": "slackware", "idList": ["SSA-2017-261-01", "SSA-2017-342-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:1057-1", "SUSE-SU-2018:0975-1"]}, {"type": "symantec", "idList": ["SMNTC-1428", "SMNTC-1443", "SMNTC-1457"]}, {"type": "tenable", "idList": ["TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3425-1", "USN-3425-2", "USN-3512-1", "USN-3611-1", "USN-3611-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-0739", "UB:CVE-2018-2830", "UB:CVE-2018-2831", "UB:CVE-2018-2835", "UB:CVE-2018-2836", "UB:CVE-2018-2837", "UB:CVE-2018-2842", "UB:CVE-2018-2843", "UB:CVE-2018-2844", "UB:CVE-2018-2845", "UB:CVE-2018-2860"]}, {"type": "zdi", "idList": ["ZDI-18-782", "ZDI-18-783"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "1361412562310851734", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851734\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 08:40:14 +0200 (Wed, 25 Apr 2018)\");\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-9798\", \"CVE-2018-0739\", \"CVE-2018-2830\",\n \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\",\n \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\",\n \"CVE-2018-2860\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:1057-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'virtualbox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for VirtualBox to version 5.1.36 fixes multiple issues:\n\n Security issues fixed:\n\n - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or\n frequently repeatable crash (complete DOS)\n\n - CVE-2018-2830: Attacker with host login may have compromised Virtualbox\n or further system services after interaction with a third user\n\n - CVE-2018-2831: Attacker with host login may have compromised VirtualBox\n or further system services, allowing read access to some data\n\n - CVE-2018-2835: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2836: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2837: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2842: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2843: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2844: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2845: Attacker with host login may have caused a hang or\n frequently repeatable crash (complete DOS), and perform unauthorized\n read and write operation to some VirtualBox accessible data\n\n - CVE-2018-2860: Privileged attacker may have gained control over\n VirtualBox and possibly further system services\n\n #AppendixOVIR\n\n This update also contains all upstream fixes and improvements in the\n stable 5.1.36 release.\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-389=1\");\n\n script_tag(name:\"affected\", value:\"virtualbox on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1057-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00069.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-source\", rpm:\"virtualbox-guest-source~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-vnc\", rpm:\"virtualbox-vnc~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "naslFamily": "SuSE Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659994789, "score": 1659979568}, "_internal": {"score_hash": "4eb381acdeb8c94e155b5e51dabd172c"}}
{"nessus": [{"lastseen": "2023-01-11T14:44:32", "description": "This update for VirtualBox to version 5.1.36 fixes multiple issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS)\n\n - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user\n\n - CVE-2018-2831: Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data\n\n - CVE-2018-2835: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2836: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2837: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2842: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2843: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user \n\n - CVE-2018-2844: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user \n\n - CVE-2018-2845: Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data\n\n - CVE-2018-2860: Privileged attacker may have gained control over VirtualBox and possibly further system services\n\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose- 3678108.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067 .html#AppendixOVIR\n\nThis update also contains all upstream fixes and improvements in the stable 5.1.36 release.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-04-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3737", "CVE-2017-9798", "CVE-2018-0739", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-389.NASL", "href": "https://www.tenable.com/plugins/nessus/109294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-389.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109294);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-9798\", \"CVE-2018-0739\", \"CVE-2018-2830\", \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\", \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2860\");\n\n script_name(english:\"openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)\");\n script_summary(english:\"Check for the openSUSE-2018-389 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for VirtualBox to version 5.1.36 fixes multiple issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Unauthorized remote attacker may have\n caused a hang or frequently repeatable crash (complete\n DOS)\n\n - CVE-2018-2830: Attacker with host login may have\n compromised Virtualbox or further system services after\n interaction with a third user\n\n - CVE-2018-2831: Attacker with host login may have\n compromised VirtualBox or further system services,\n allowing read access to some data\n\n - CVE-2018-2835: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2836: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2837: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2842: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2843: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user \n\n - CVE-2018-2844: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user \n\n - CVE-2018-2845: Attacker with host login may have caused\n a hang or frequently repeatable crash (complete DOS),\n and perform unauthorized read and write operation to\n some VirtualBox accessible data\n\n - CVE-2018-2860: Privileged attacker may have gained\n control over VirtualBox and possibly further system\n services\n\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-\n3678108.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067\n.html#AppendixOVIR\n\nThis update also contains all upstream fixes and improvements in the\nstable 5.1.36 release.\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05e0bcf5\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7eca6abf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089997\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-virtualbox-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-virtualbox-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-debugsource-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-devel-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-desktop-icons-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-kmp-default-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-source-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-tools-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-tools-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-x11-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-x11-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-kmp-default-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-kmp-default-debuginfo-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-source-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-qt-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-qt-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-vnc-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-websrv-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-websrv-debuginfo-5.1.36-50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:45:54", "description": "The version of Oracle VM VirtualBox running on the remote host is 5.1.x prior to 5.1.36 or 5.2.x prior to 5.2.10. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information.\n\nNessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-05-10T00:00:00", "type": "nessus", "title": "Oracle VM VirtualBox 5.1.x < 5.1.36 / 5.2.x < 5.2.10 (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2019-11-05T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_5_2_10.NASL", "href": "https://www.tenable.com/plugins/nessus/109682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109682);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/05\");\n\n script_cve_id(\n \"CVE-2018-0739\",\n \"CVE-2018-2830\",\n \"CVE-2018-2831\",\n \"CVE-2018-2835\",\n \"CVE-2018-2836\",\n \"CVE-2018-2837\",\n \"CVE-2018-2842\",\n \"CVE-2018-2843\",\n \"CVE-2018-2844\",\n \"CVE-2018-2845\",\n \"CVE-2018-2860\"\n );\n script_bugtraq_id(\n 103518,\n 103853,\n 103854,\n 103855,\n 103856,\n 103857,\n 103858,\n 103859,\n 103860,\n 103861,\n 103863\n );\n\n script_name(english:\"Oracle VM VirtualBox 5.1.x < 5.1.36 / 5.2.x < 5.2.10 (April 2018 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle VM VirtualBox running on the remote host is\n5.1.x prior to 5.1.36 or 5.2.x prior to 5.2.10. It is, therefore,\naffected by multiple vulnerabilities as noted in the April 2018\nCritical Patch Update advisory. Please consult the CVRF details\nfor the applicable CVEs for additional information.\n\nNessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05e0bcf5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle VM VirtualBox version 5.1.36 / 5.2.10 or later as\nreferenced in the April 2018 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2860\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n\n# 5.1.x < 5.1.36\nif (ver =~ '^5\\\\.1' && ver_compare(ver:ver, fix:'5.1.36', strict:FALSE) < 0) fix = '5.1.36';\n# 5.2.x < 5.2.10\nelse if (ver =~ '^5\\\\.2' && ver_compare(ver:ver, fix:'5.2.10', strict:FALSE) < 0) fix = '5.2.10';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n}\n\nreport =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\nsecurity_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\nexit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:35", "description": "The remote host is affected by the vulnerability described in GLSA-201805-08 (VirtualBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-05-23T00:00:00", "type": "nessus", "title": "GLSA-201805-08 : VirtualBox: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:virtualbox", "p-cpe:/a:gentoo:linux:virtualbox-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201805-08.NASL", "href": "https://www.tenable.com/plugins/nessus/109975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201805-08.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109975);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2018-2830\", \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\", \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2860\");\n script_xref(name:\"GLSA\", value:\"201805-08\");\n\n script_name(english:\"GLSA-201805-08 : VirtualBox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201805-08\n(VirtualBox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VirtualBox. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could take control of VirtualBox resulting in the execution\n of arbitrary code with the privileges of the process, a Denial of Service\n condition, or other unspecified impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201805-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All VirtualBox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-5.1.36'\n All VirtualBox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/virtualbox-bin-5.1.36.122089'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:virtualbox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/virtualbox\", unaffected:make_list(\"ge 5.1.36\"), vulnerable:make_list(\"lt 5.1.36\"))) flag++;\nif (qpkg_check(package:\"app-emulation/virtualbox-bin\", unaffected:make_list(\"ge 5.1.36.122089\"), vulnerable:make_list(\"lt 5.1.36.122089\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VirtualBox\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:48", "description": "This update for kbuild, virtualbox fixes the following issues :\n\nkbuild changes :\n\n - Update to version 0.1.9998svn3110\n\n - Do not assume glibc glob internals\n\n - Support GLIBC glob interface version 2\n\n - Fix build failure (boo#1079838)\n\n - Fix build with GCC7 (boo#1039375)\n\n - Fix build by disabling vboxvideo_drv.so\n\nvirtualbox security fixes (boo#1101667, boo#1076372) :\n\n - CVE-2018-3005\n\n - CVE-2018-3055\n\n - CVE-2018-3085\n\n - CVE-2018-3086\n\n - CVE-2018-3087\n\n - CVE-2018-3088\n\n - CVE-2018-3089\n\n - CVE-2018-3090\n\n - CVE-2018-3091\n\n - CVE-2018-2694\n\n - CVE-2018-2698\n\n - CVE-2018-2685\n\n - CVE-2018-2686\n\n - CVE-2018-2687\n\n - CVE-2018-2688\n\n - CVE-2018-2689\n\n - CVE-2018-2690\n\n - CVE-2018-2676\n\n - CVE-2018-2693\n\n - CVE-2017-5715\n\nvirtualbox other changes :\n\n - Version bump to 5.2.16\n\n - Use %(?linux_make_arch) when building kernel modules (boo#1098050)\n\n - Fixed vboxguestconfig.sh script\n\n - Update warning regarding the security hole in USB passthrough. (boo#1097248)\n\n - Fixed include for build with Qt 5.11 (boo#1093731)\n\n - You can find a detailed list of changes [here](https://www.virtualbox.org/wiki/Changelog#v16)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-08-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kbuild / virtualbox (openSUSE-2018-938) (Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2018-0739", "CVE-2018-2676", "CVE-2018-2685", "CVE-2018-2686", "CVE-2018-2687", "CVE-2018-2688", "CVE-2018-2689", "CVE-2018-2690", "CVE-2018-2693", "CVE-2018-2694", "CVE-2018-2698", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860", "CVE-2018-3005", "CVE-2018-3055", "CVE-2018-3085", "CVE-2018-3086", "CVE-2018-3087", "CVE-2018-3088", "CVE-2018-3089", "CVE-2018-3090", "CVE-2018-3091"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kbuild", "p-cpe:/a:novell:opensuse:kbuild-debuginfo", "p-cpe:/a:novell:opensuse:kbuild-debugsource", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-938.NASL", "href": "https://www.tenable.com/plugins/nessus/112143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-938.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112143);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2018-0739\", \"CVE-2018-2676\", \"CVE-2018-2685\", \"CVE-2018-2686\", \"CVE-2018-2687\", \"CVE-2018-2688\", \"CVE-2018-2689\", \"CVE-2018-2690\", \"CVE-2018-2693\", \"CVE-2018-2694\", \"CVE-2018-2698\", \"CVE-2018-2830\", \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\", \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2860\", \"CVE-2018-3005\", \"CVE-2018-3055\", \"CVE-2018-3085\", \"CVE-2018-3086\", \"CVE-2018-3087\", \"CVE-2018-3088\", \"CVE-2018-3089\", \"CVE-2018-3090\", \"CVE-2018-3091\");\n\n script_name(english:\"openSUSE Security Update : kbuild / virtualbox (openSUSE-2018-938) (Spectre)\");\n script_summary(english:\"Check for the openSUSE-2018-938 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for kbuild, virtualbox fixes the following issues :\n\nkbuild changes :\n\n - Update to version 0.1.9998svn3110\n\n - Do not assume glibc glob internals\n\n - Support GLIBC glob interface version 2\n\n - Fix build failure (boo#1079838)\n\n - Fix build with GCC7 (boo#1039375)\n\n - Fix build by disabling vboxvideo_drv.so\n\nvirtualbox security fixes (boo#1101667, boo#1076372) :\n\n - CVE-2018-3005\n\n - CVE-2018-3055\n\n - CVE-2018-3085\n\n - CVE-2018-3086\n\n - CVE-2018-3087\n\n - CVE-2018-3088\n\n - CVE-2018-3089\n\n - CVE-2018-3090\n\n - CVE-2018-3091\n\n - CVE-2018-2694\n\n - CVE-2018-2698\n\n - CVE-2018-2685\n\n - CVE-2018-2686\n\n - CVE-2018-2687\n\n - CVE-2018-2688\n\n - CVE-2018-2689\n\n - CVE-2018-2690\n\n - CVE-2018-2676\n\n - CVE-2018-2693\n\n - CVE-2017-5715\n\nvirtualbox other changes :\n\n - Version bump to 5.2.16\n\n - Use %(?linux_make_arch) when building kernel modules\n (boo#1098050)\n\n - Fixed vboxguestconfig.sh script\n\n - Update warning regarding the security hole in USB\n passthrough. (boo#1097248)\n\n - Fixed include for build with Qt 5.11 (boo#1093731)\n\n - You can find a detailed list of changes\n [here](https://www.virtualbox.org/wiki/Changelog#v16)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1039375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.virtualbox.org/wiki/Changelog#v16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kbuild / virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kbuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kbuild-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kbuild-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kbuild-0.1.9998svn3110-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kbuild-debuginfo-0.1.9998svn3110-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kbuild-debugsource-0.1.9998svn3110-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-desktop-icons-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-source-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-source-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"python-virtualbox-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"python-virtualbox-debuginfo-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-debuginfo-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-debugsource-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-devel-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-guest-kmp-default-5.2.18_k4.4.143_65-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-guest-tools-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-guest-tools-debuginfo-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-guest-x11-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-guest-x11-debuginfo-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-host-kmp-default-5.2.18_k4.4.143_65-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-host-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-qt-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-qt-debuginfo-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-vnc-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-websrv-5.2.18-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"virtualbox-websrv-debuginfo-5.2.18-56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kbuild / kbuild-debuginfo / kbuild-debugsource / python-virtualbox / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:19:40", "description": "The version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the April 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3737", "CVE-2017-3738", "CVE-2017-9798"], "modified": "2021-10-25T00:00:00", "cpe": ["cpe:/a:oracle:virtualization_secure_global_desktop"], "id": "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/109165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109165);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-3738\", \"CVE-2017-9798\");\n script_bugtraq_id(100872, 102103, 102118);\n\n script_name(english:\"Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU)\");\n script_summary(english:\"Checks the version of Oracle Secure Global Desktop.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Secure Global Desktop installed on the remote\nhost is 5.3 and is missing a security patch from the April 2018\nCritical Patch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05e0bcf5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2018 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:virtualization_secure_global_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_secure_global_desktop_installed.nbin\");\n script_require_keys(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Oracle Secure Global Desktop\";\nversion = get_kb_item_or_exit(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n# this check is for Oracle Secure Global Desktop packages built for Linux platform\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (\"Linux\" >!< uname) audit(AUDIT_OS_NOT, \"Linux\");\n\nfix_required = NULL;\n\nif (version =~ \"^5\\.30($|\\.)\") fix_required = 'Patch_53p4';\n\nif (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version);\n\npatches = get_kb_list(\"Host/Oracle_Secure_Global_Desktop/Patches\");\n\npatched = FALSE;\nforeach patch (patches)\n{\n if (patch == fix_required)\n {\n patched = TRUE;\n break;\n }\n}\n\nif (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');\n\nreport = '\\n Installed version : ' + version +\n '\\n Patch required : ' + fix_required +\n '\\n';\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:39:44", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-02-02T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0733", "CVE-2018-0739"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "href": "https://www.tenable.com/plugins/nessus/106563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106563);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2017-3737\",\n \"CVE-2017-3738\",\n \"CVE-2018-0733\",\n \"CVE-2018-0739\"\n );\n script_bugtraq_id(102103, 102118);\n\n script_name(english:\"Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of OpenSSL in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains an\nOpenSSL library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2018-04\");\n # https://docs.tenable.com/releasenotes/securitycenter/securitycenter79.htm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?706680e4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20171207.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.6.1 or later.\nAlternatively, apply SecurityCenter Patch SC-201801.1.5.x.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0733\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/openssl/version\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\ninclude(\"install_func.inc\");\n\napp = \"OpenSSL (within SecurityCenter)\";\nfix = \"1.0.2n\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/openssl/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (\n openssl_ver_cmp(ver:version, fix:\"1.0.2\", same_branch:TRUE, is_min_check:FALSE) >= 0 &&\n openssl_ver_cmp(ver:version, fix:fix, same_branch:TRUE, is_min_check:FALSE) < 0\n)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter OpenSSL version : ' + version +\n '\\n Fixed OpenSSL version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:37", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the <Limit {method}> directive in an .htaccess file.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:http_server", "cpe:/a:apache:httpd"], "id": "APACHE_2_4_28.NASL", "href": "https://www.tenable.com/plugins/nessus/103838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103838);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n\n script_name(english:\"Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP\nvulnerability related to the <Limit {method}> directive in an \n.htaccess file.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.4.28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.28 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { \"min_version\" : \"2.4\", \"fixed_version\" : \"2.4.28\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:31", "description": "This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/103399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1083.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103399);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)\");\n script_summary(english:\"Check for the openSUSE-2017-1083 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debugsource-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-devel-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-example-pages-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debugsource-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-devel-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-example-pages-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-debuginfo-2.4.23-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:31", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Debian DLA-1102-1 : apache2 security update (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1102.NASL", "href": "https://www.tenable.com/plugins/nessus/103389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1102-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103389);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"Debian DLA-1102-1 : apache2 security update (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"apache2\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-dbg\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-doc\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-utils\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-bin\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-common\", reference:\"2.2.22-13+deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:45", "description": "This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-25T00:00:00", "type": "nessus", "title": "Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-A52F252521.NASL", "href": "https://www.tenable.com/plugins/nessus/103438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a52f252521.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103438);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"FEDORA\", value:\"2017-a52f252521\");\n\n script_name(english:\"Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a release fixing a security fix applied upstream, known as\n'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why\nwouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a52f252521\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"httpd-2.4.27-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:48", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Debian DSA-3980-1 : apache2 - security update (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3980.NASL", "href": "https://www.tenable.com/plugins/nessus/103364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3980. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103364);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"DSA\", value:\"3980\");\n\n script_name(english:\"Debian DSA-3980-1 : apache2 - security update (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"apache2\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-bin\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-data\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dbg\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dev\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-doc\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-event\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-itk\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-worker\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-utils\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-bin\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-common\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-macro\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-proxy-html\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-bin\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-data\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dbg\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dev\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-doc\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-ssl-dev\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-utils\", reference:\"2.4.25-3+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:22", "description": "The Fuzzing Project reports :\n\nApache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache22", "p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "href": "https://www.tenable.com/plugins/nessus/103344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103344);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Fuzzing Project reports :\n\nApache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file,\nor if httpd.conf has certain misconfigurations, aka Optionsbleed. This\naffects the Apache HTTP Server through 2.2.34 and 2.4.x through\n2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request\nwhen attempting to read secret data. This is a use-after-free issue\nand thus secret data is not always sent, and the specific data depends\non many factors including configuration. Exploitation with .htaccess\ncan be blocked with a patch to the ap_limit_section function in\nserver/core.c.\"\n );\n # https://vuxml.freebsd.org/freebsd/76b085e2-9d33-11e7-9260-000c292ee6b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a9655b5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.27_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22<2.2.34_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:22", "description": "Hanno Bock discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3425-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3425-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103356);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"USN\", value:\"3425-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Hanno Bock discovered that the Apache HTTP Server incorrectly handled\nLimit directives in .htaccess files. In certain configurations, a\nremote attacker could possibly use this issue to read arbitrary server\nmemory, including sensitive information. This issue is known as\nOptionsbleed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3425-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2-bin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.7-1ubuntu4.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.25-3ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-bin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:37", "description": "Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171011_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103806);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled\n invalid and previously unregistered HTTP methods\n specified in the Limit directive used in an .htaccess\n file. A remote attacker could possibly use this flaw to\n disclose portions of the server memory, or cause httpd\n child process to crash. (CVE-2017-9798)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=9988\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e195877f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"httpd-manual-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7_4.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:31", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2882 and \n# CentOS Errata and Security Advisory 2017:2882 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103790);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e97394\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.centos.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:16", "description": "This update for apache2 fixes one issues. This security issue was fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103833);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes one issues. This security issue was\nfixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172718-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3bb4ad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1682=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1682=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1682=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debugsource-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-example-pages-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-debuginfo-2.4.16-20.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:17", "description": "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/104278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104278);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the httpd packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97163687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h5\",\n \"httpd-devel-2.4.6-45.0.1.4.h5\",\n \"httpd-manual-2.4.6-45.0.1.4.h5\",\n \"httpd-tools-2.4.6-45.0.1.4.h5\",\n \"mod_ssl-2.4.6-45.0.1.4.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T15:04:05", "description": "This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-FDD3A98E8F.NASL", "href": "https://www.tenable.com/plugins/nessus/106018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fdd3a98e8f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106018);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"FEDORA\", value:\"2017-fdd3a98e8f\");\n\n script_name(english:\"Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a release fixing a security fix applied upstream, known as\n'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why\nwouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fdd3a98e8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"httpd-2.4.27-8.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:58", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-896.NASL", "href": "https://www.tenable.com/plugins/nessus/103309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-896.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103309);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"ALAS\", value:\"2017-896\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file,\nor if httpd.conf has certain misconfigurations, aka Optionsbleed. The\nattacker sends an unauthenticated OPTIONS HTTP request when attempting\nto read secret data. This is a use-after-free issue and thus secret\ndata is not always sent, and the specific data depends on many factors\nincluding configuration.(CVE-2017-9798)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-896.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update httpd24' to update your system.\n\nRun 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.34-1.15.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:30", "description": "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1252.NASL", "href": "https://www.tenable.com/plugins/nessus/104277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104277);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the httpd packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1252\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d09c3870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h8\",\n \"httpd-devel-2.4.6-45.0.1.4.h8\",\n \"httpd-manual-2.4.6-45.0.1.4.h8\",\n \"httpd-tools-2.4.6-45.0.1.4.h8\",\n \"mod_ssl-2.4.6-45.0.1.4.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103804", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2882. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103804);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2882\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-30T14:45:02", "description": "From Red Hat Security Advisory 2017:2882 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2882 and \n# Oracle Linux Security Advisory ELSA-2017-2882 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103803);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2882 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007263.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.0.1.el7_4.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:44:29", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the <Limit {method}> directive in an .htaccess file.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98913", "href": "https://www.tenable.com/plugins/was/98913", "sourceData": "No source data", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:45", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-261-01.NASL", "href": "https://www.tenable.com/plugins/nessus/103306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-261-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103306);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"SSA\", value:\"2017-261-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.551634\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf69bb8a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i586\", pkgnum:\"2_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i586\", pkgnum:\"3\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:58", "description": "This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2542-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2542-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103413);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172542-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e60e3183\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1572=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1572=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1572=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1572=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1572=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debugsource-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-example-pages-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debugsource-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-example-pages-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-debuginfo-2.4.23-29.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:50:44", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094289).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ovmf (openSUSE-2019-563)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ovmf", "p-cpe:/a:novell:opensuse:ovmf-tools", "p-cpe:/a:novell:opensuse:qemu-ovmf-ia32", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-563.NASL", "href": "https://www.tenable.com/plugins/nessus/123242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-563.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123242);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"openSUSE Security Update : ovmf (openSUSE-2019-563)\");\n script_summary(english:\"Check for the openSUSE-2019-563 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1\n constructed types recursive definition depth\n (bsc#1094289).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094289\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ovmf-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf / ovmf-tools / qemu-ovmf-x86_64 / qemu-ovmf-x86_64-debug / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:23:55", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by a vulnerability:\n\n - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).\n Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).\n (CVE-2018-0739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Vulnerability (NS-SA-2019-0066)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0066_OVMF.NASL", "href": "https://www.tenable.com/plugins/nessus/127265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0066. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127265);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_bugtraq_id(103518);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Vulnerability (NS-SA-2019-0066)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by a\nvulnerability:\n\n - Constructed ASN.1 types with a recursive definition\n (such as can be found in PKCS7) could eventually exceed\n the stack given malicious input with excessive\n recursion. This could result in a Denial Of Service\n attack. There are no such structures used within SSL/TLS\n that come from untrusted sources so this is considered\n safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).\n Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).\n (CVE-2018-0739)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0066\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL ovmf packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"OVMF-20180508-3.gitee3198e672e2.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"OVMF-20180508-3.gitee3198e672e2.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:23", "description": "An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-07-10T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 7 (RHSA-2019:1711)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1711.NASL", "href": "https://www.tenable.com/plugins/nessus/126594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1711. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126594);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"RHSA\", value:\"2019:1711\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 7 (RHSA-2019:1711)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6\nand Red Hat JBoss Web Server 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this release as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as\na replacement for Red Hat JBoss Web Server 3.1, and includes bug\nfixes, which are documented in the Release Notes document linked to in\nthe References.\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a\nstack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0349df1b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-0739\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1711\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-1.2.17-19.redhat_19.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.17-19.redhat_19.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-debuginfo-1.2.17-19.redhat_19.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.17-19.redhat_19.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsvc-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-selinux-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.70-34.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-admin-webapps-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-docs-webapp-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-el-2.2-api-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-javadoc-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsp-2.3-api-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsvc-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-lib-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-log4j-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-selinux-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-servlet-3.1-api-8.0.36-39.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-webapps-8.0.36-39.ep7.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.17-19.redhat_19.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.17-19.redhat_19.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsvc-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-selinux-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.70-34.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-admin-webapps-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-docs-webapp-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-el-2.2-api-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-javadoc-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsp-2.3-api-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsvc-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-lib-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-log4j-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-selinux-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-servlet-3.1-api-8.0.36-39.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-webapps-8.0.36-39.ep7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat-native / tomcat-native-debuginfo / tomcat7 / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:47:43", "description": "The version of OpenSSL installed on the remote AIX host is affected by a denial of service vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-07-26T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory26.asc", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-09-17T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY26.NASL", "href": "https://www.tenable.com/plugins/nessus/111353", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111353);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/09/17 21:46:52\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_bugtraq_id(103518);\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory26.asc\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\na denial of service vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory26.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_OS_NOT, \"AIX\");\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\noslevel = oslevel - \"AIX-\";\n\nif ( oslevel != \"5.3\" && oslevel != \"6.1\" && oslevel != \"7.1\" && oslevel != \"7.2\")\n{\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", \"AIX \" + oslevel);\n}\n\nflag = 0;\npackage = \"openssl.base\";\n\n# 1.0.2.1300\nif (aix_check_ifix(release:\"5.3\", patch:\"(102ma_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1300\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(102ma_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1300\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(102ma_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1300\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:\"(102ma_ifix)\", package:package, minfilesetver:\"1.0.2.500\", maxfilesetver:\"1.0.2.1300\") < 0) flag++;\n\n# 20.13.102.1300\nif (aix_check_ifix(release:\"5.3\", patch:\"(fips_102ma)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1300\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(fips_102ma)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1300\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(fips_102ma)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1300\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:\"(fips_102ma)\", package:package, minfilesetver:\"20.13.102.1000\", maxfilesetver:\"20.13.102.1300\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, package);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:48:26", "description": "This update for ovmf provide the following fix :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094290, bsc#1094291).\n\nBug fixes :\n\n - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility.\n (bsc#1077330)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ovmf (openSUSE-2018-823)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ovmf", "p-cpe:/a:novell:opensuse:ovmf-tools", "p-cpe:/a:novell:opensuse:qemu-ovmf-ia32", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-823.NASL", "href": "https://www.tenable.com/plugins/nessus/111588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-823.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111588);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"openSUSE Security Update : ovmf (openSUSE-2018-823)\");\n script_summary(english:\"Check for the openSUSE-2018-823 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf provide the following fix :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1\n constructed types recursive definition depth\n (bsc#1094290, bsc#1094291).\n\nBug fixes :\n\n - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE\n flavor to provide the better compatibility.\n (bsc#1077330)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094291\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ovmf-2017+git1492060560.b6d11d7c46-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ovmf-tools-2017+git1492060560.b6d11d7c46-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ovmf-x86_64-debug-2017+git1492060560.b6d11d7c46-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf / ovmf-tools / qemu-ovmf-ia32 / qemu-ovmf-x86_64 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:48:36", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094289).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ovmf (openSUSE-2018-807)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ovmf", "p-cpe:/a:novell:opensuse:ovmf-tools", "p-cpe:/a:novell:opensuse:qemu-ovmf-ia32", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-807.NASL", "href": "https://www.tenable.com/plugins/nessus/111569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-807.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111569);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"openSUSE Security Update : ovmf (openSUSE-2018-807)\");\n script_summary(english:\"Check for the openSUSE-2018-807 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1\n constructed types recursive definition depth\n (bsc#1094289).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094289\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ovmf-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf / ovmf-tools / qemu-ovmf-x86_64 / qemu-ovmf-x86_64-debug / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:49:01", "description": "This update for ovmf provide the following fix: Security issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094290, bsc#1094291). Bug fixes :\n\n - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility.\n (bsc#1077330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:2158-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ovmf", "p-cpe:/a:novell:suse_linux:ovmf-tools", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2158-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111507", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2158-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111507);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:2158-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf provide the following fix: Security issues \nfixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1\n constructed types recursive definition depth\n (bsc#1094290, bsc#1094291). Bug fixes :\n\n - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE\n flavor to provide the better compatibility.\n (bsc#1077330)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0739/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182158-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8fc64b4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1470=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ovmf-2017+git1492060560.b6d11d7c46-4.9.4\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:49:18", "description": "Description of changes:\n\n[1.0.1e-57.0.5]\n- Merge upstream patch to fix CVE-2018-0739", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : openssl (ELSA-2018-4228)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-03-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2018-4228.NASL", "href": "https://www.tenable.com/plugins/nessus/117770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4228.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117770);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/02\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"Oracle Linux 6 : openssl (ELSA-2018-4228)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[1.0.1e-57.0.5]\n- Merge upstream patch to fix CVE-2018-0739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2018-September/008083.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-57.0.5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-57.0.5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-57.0.5.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-57.0.5.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:51:16", "description": "An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nThe following packages have been upgraded to a later upstream version:\novmf (20180508). (BZ#1559542)\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "RHEL 7 : ovmf (RHSA-2018:3090)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:OVMF", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-3090.NASL", "href": "https://www.tenable.com/plugins/nessus/118526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3090. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118526);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"RHSA\", value:\"2018:3090\");\n\n script_name(english:\"RHEL 7 : ovmf (RHSA-2018:3090)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI\nsupport for Virtual Machines. This package contains a sample 64-bit\nUEFI firmware for QEMU and KVM.\n\nThe following packages have been upgraded to a later upstream version:\novmf (20180508). (BZ#1559542)\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a\nstack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-0739\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OVMF package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:OVMF\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3090\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"OVMF-20180508-3.gitee3198e672e2.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OVMF\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:52:26", "description": "From Red Hat Security Advisory 2018:3090 :\n\nAn update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nThe following packages have been upgraded to a later upstream version:\novmf (20180508). (BZ#1559542)\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-11-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ovmf (ELSA-2018-3090)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:OVMF", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-3090.NASL", "href": "https://www.tenable.com/plugins/nessus/118771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:3090 and \n# Oracle Linux Security Advisory ELSA-2018-3090 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118771);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"RHSA\", value:\"2018:3090\");\n\n script_name(english:\"Oracle Linux 7 : ovmf (ELSA-2018-3090)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2018:3090 :\n\nAn update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI\nsupport for Virtual Machines. This package contains a sample 64-bit\nUEFI firmware for QEMU and KVM.\n\nThe following packages have been upgraded to a later upstream version:\novmf (20180508). (BZ#1559542)\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a\nstack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-November/008194.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:OVMF\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar flag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"OVMF-20180508-3.gitee3198e672e2.el7\", epoch:\"0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OVMF\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:50:30", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by denial of service attack in the Enterprise Manager Base Platform component.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Cloud Control (October 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_OCT_2018_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/118203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118203);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_bugtraq_id(103518);\n\n script_name(english:\"Oracle Enterprise Manager Cloud Control (October 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by denial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by denial of service attack in the\nEnterprise Manager Base Platform component.\");\n # https://support.oracle.com/rs?type=doc&id=2433477.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ac61f07\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2018 Oracle Critical\nPatch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\nfix = NULL;\n\nif (version =~ \"^13\\.2\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"28717501\";\n fix = \"13.2.0.0.181016\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"28595534\";\n fix = \"12.1.0.5.181016\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:27", "description": "It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.\n\nDetails can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20180327.txt", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-03-30T00:00:00", "type": "nessus", "title": "Debian DSA-4158-1 : openssl1.0 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl1.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4158.NASL", "href": "https://www.tenable.com/plugins/nessus/108731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4158. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108731);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"DSA\", value:\"4158\");\n\n script_name(english:\"Debian DSA-4158-1 : openssl1.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that constructed ASN.1 types with a recursive\ndefinition could exceed the stack, potentially leading to a denial of\nservice.\n\nDetails can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20180327.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20180327.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openssl1.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openssl1.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4158\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl1.0 packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.0.2l-2+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.0-dev\", reference:\"1.0.2l-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.0.2\", reference:\"1.0.2l-2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:46:39", "description": "According to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2o. It is, therefore, affected by a remote DoS vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-05-21T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2019-11-04T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2O.NASL", "href": "https://www.tenable.com/plugins/nessus/109945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109945);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_bugtraq_id(103518);\n\n script_name(english:\"OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.0.x prior to 1.0.2o. It is, therefore, affected by a remote \nDoS vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20180327.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.2-notes.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2o or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2o', min:\"1.0.2\", severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:16", "description": "New openssl packages are available for Slackware 14.2 and -current to fix a security issue.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : openssl (SSA:2018-087-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-087-01.NASL", "href": "https://www.tenable.com/plugins/nessus/108690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-087-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108690);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"SSA\", value:\"2018-087-01\");\n\n script_name(english:\"Slackware 14.2 / current : openssl (SSA:2018-087-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 14.2 and -current to\nfix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.417225\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db1ab9e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"openssl\", pkgver:\"1.0.2o\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2o\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2o\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2o\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.2o\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2o\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2o\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2o\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:08", "description": "It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.\n\nDetails can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20180327.txt\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.0.1t-1+deb7u4.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-02T00:00:00", "type": "nessus", "title": "Debian DLA-1330-1 : openssl security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/108764", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1330-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108764);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"Debian DLA-1330-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that constructed ASN.1 types with a recursive\ndefinition could exceed the stack, potentially leading to a denial of\nservice.\n\nDetails can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20180327.txt\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0.1t-1+deb7u4.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20180327.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:28", "description": "This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0906-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0906-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108948", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0906-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108948);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0906-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive\n definition could exceed the stack. This could result in\n a Denial Of Service attack. (bsc#1087102)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0739/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180906-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c59621aa\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-608=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-27.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-27.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:22", "description": "Minor security update from upstream fixing CVE-2018-0739\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "Fedora 27 : 1:compat-openssl10 (2018-9490b422e7)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:compat-openssl10", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-9490B422E7.NASL", "href": "https://www.tenable.com/plugins/nessus/108913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-9490b422e7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108913);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"FEDORA\", value:\"2018-9490b422e7\");\n\n script_name(english:\"Fedora 27 : 1:compat-openssl10 (2018-9490b422e7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor security update from upstream fixing CVE-2018-0739\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-9490b422e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:compat-openssl10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"compat-openssl10-1.0.2o-1.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:compat-openssl10\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:23", "description": "Minor security update from upstream fixing CVE-2018-0739\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:compat-openssl10 (2018-1b4f1158e2)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:compat-openssl10", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-1B4F1158E2.NASL", "href": "https://www.tenable.com/plugins/nessus/108910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-1b4f1158e2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108910);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"FEDORA\", value:\"2018-1b4f1158e2\");\n\n script_name(english:\"Fedora 26 : 1:compat-openssl10 (2018-1b4f1158e2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor security update from upstream fixing CVE-2018-0739\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-1b4f1158e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:compat-openssl10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"compat-openssl10-1.0.2o-1.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:compat-openssl10\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:28", "description": "This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0902-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0902-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0902-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108946);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0902-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive\n definition could exceed the stack. This could result in\n a Denial Of Service attack. (bsc#1087102)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0739/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180902-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38879a83\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-601=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-601=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-601=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-54.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-54.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:24", "description": "This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. (bsc#1087102).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2018-361)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-cavs", "p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-361.NASL", "href": "https://www.tenable.com/plugins/nessus/109022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-361.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109022);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2018-361)\");\n script_summary(english:\"Check for the openSUSE-2018-361 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive\n definition (such as can be found in PKCS7) could\n eventually exceed the stack given malicious input with\n excessive recursion. This could result in a Denial Of\n Service attack. There are no such structures used within\n SSL/TLS that come from untrusted sources so this is\n considered safe. (bsc#1087102).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087102\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl-devel-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-debuginfo-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debuginfo-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debugsource-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:15", "description": "This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack. (bsc#1087102)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssl (SUSE-SU-2018:0975-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0975-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0975-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109161);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssl (SUSE-SU-2018:0975-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive\n definition could exceed the stack. This could result in\n a Denial Of Service attack. (bsc#1087102)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0739/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180975-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c105070e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3:zypper in -t patch slestso13-openssl-13565=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-openssl-13565=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-openssl-13565=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-openssl-13565=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-0.9.8j-0.106.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-doc-0.9.8j-0.106.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:47:35", "description": "Minor security update from upstream fixing CVE-2018-0739\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : 1:compat-openssl10 (2018-2f696a3be3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:compat-openssl10", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-2F696A3BE3.NASL", "href": "https://www.tenable.com/plugins/nessus/120324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2f696a3be3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120324);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"FEDORA\", value:\"2018-2f696a3be3\");\n\n script_name(english:\"Fedora 28 : 1:compat-openssl10 (2018-2f696a3be3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor security update from upstream fixing CVE-2018-0739\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f696a3be3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:compat-openssl10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"compat-openssl10-1.0.2o-1.fc28\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:compat-openssl10\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:47:49", "description": "This update for ovmf fixes the following issues: Security issues fixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094289).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : ovmf (SUSE-SU-2018:2072-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-03-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ovmf", "p-cpe:/a:novell:suse_linux:ovmf-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-2072-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2072-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120061);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/20\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"SUSE SLES15 Security Update : ovmf (SUSE-SU-2018:2072-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues: Security issues \nfixed :\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1\n constructed types recursive definition depth\n (bsc#1094289).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0739/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182072-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d15a3292\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2018-1399=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"ovmf-2017+git1510945757.b2662641d5-5.3.6\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"ovmf-tools-2017+git1510945757.b2662641d5-5.3.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:53:06", "description": "An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nThe following packages have been upgraded to a later upstream version:\novmf (20180508). (BZ#1559542)\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-11-16T00:00:00", "type": "nessus", "title": "CentOS 7 : ovmf (CESA-2018:3090)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-04-08T00:00:00", "cpe": ["p-cpe:/a:centos:centos:OVMF", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-3090.NASL", "href": "https://www.tenable.com/plugins/nessus/118991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3090 and \n# CentOS Errata and Security Advisory 2018:3090 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118991);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/08\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"RHSA\", value:\"2018:3090\");\n\n script_name(english:\"CentOS 7 : ovmf (CESA-2018:3090)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI\nsupport for Virtual Machines. This package contains a sample 64-bit\nUEFI firmware for QEMU and KVM.\n\nThe following packages have been upgraded to a later upstream version:\novmf (20180508). (BZ#1559542)\n\nSecurity Fix(es) :\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a\nstack overflow and resulting denial of service (CVE-2018-0739)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3700fef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:OVMF\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"OVMF-20180508-3.gitee3198e672e2.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OVMF\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:16", "description": "This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. (bsc#1087102).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:0925-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0925-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109013", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0925-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109013);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:0925-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive\n definition (such as can be found in PKCS7) could\n eventually exceed the stack given malicious input with\n excessive recursion. This could result in a Denial Of\n Service attack. There are no such structures used within\n SSL/TLS that come from untrusted sources so this is\n considered safe. (bsc#1087102).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0739/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180925-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b462b97\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-624=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-624=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-624=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-624=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-624=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-624=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-624=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-624=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl-devel-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debugsource-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl-devel-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debugsource-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-13T14:33:54", "description": "It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-03-29T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : OpenSSL vulnerability (USN-3611-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3611-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108709", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3611-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108709);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_xref(name:\"USN\", value:\"3611-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : OpenSSL vulnerability (USN-3611-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that OpenSSL incorrectly handled certain ASN.1\ntypes. A remote attacker could possibly use this issue to cause a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3611-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.24\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu13.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:27:48", "description": "The version of Oracle MySQL Connectors installed on the remote host is 8.0.x prior to 8.0.12 or 5.3.x prior to 5.3.11.\nIt is, therefore, affected by a denial of service vulnerability as noted in the July 2018 Critical Patch Update advisory. This vulnerability is related to OpenSSL's handling of recursive ASN.1 structures: given specially crafted input with excessive recursion, an attacker can cause a stack overflow that results in a denial of service.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Oracle MySQL Connectors DoS (Jul 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:mysql_connectors"], "id": "ORACLE_MYSQL_CONNECTORS_CPU_JUL_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/129004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129004);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-0739\");\n script_bugtraq_id(103518);\n script_xref(name:\"IAVA\", value:\"2018-A-0229-S\");\n\n script_name(english:\"Oracle MySQL Connectors DoS (Jul 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a Denial of Service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle MySQL Connectors installed on the remote host is 8.0.x prior to 8.0.12 or 5.3.x prior to 5.3.11.\nIt is, therefore, affected by a denial of service vulnerability as noted in the July 2018 Critical Patch Update\nadvisory. This vulnerability is related to OpenSSL's handling of recursive ASN.1 structures: given specially crafted\ninput with excessive recursion, an attacker can cause a stack overflow that results in a denial of service.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5103b2d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patches according to the July 2018 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0739\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_connectors\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_connectors_version_nix.nbin\", \"mysql_connectors_version_win.nbin\");\n script_require_keys(\"installed_sw/MySQL Connector\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nappname = 'MySQL Connector';\n\napp_info = vcf::get_app_info(app:appname);\nproduct = tolower(app_info['Product']);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nif ('odbc' >< product)\n constraints = [\n {'min_version': '5.3.0', 'fixed_version': '5.3.11'},\n {'min_version': '8.0.0', 'fixed_version': '8.0.12'}\n ];\nelse\n audit(AUDIT_PACKAGE_NOT_AFFECTED, product);\n\nvcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:52:07", "description": "Security Fix(es) :\n\n - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ovmf on on SL7.x x86_64 (20181030)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-07-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:OVMF", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20181030_OVMF_ON_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/119195", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119195);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/01\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_name(english:\"Scientific Linux Security Update : ovmf on on SL7.x x86_64 (20181030)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - openssl: Handling of crafted recursive ASN.1 structures\n can cause a stack overflow and resulting denial of\n service (CVE-2018-0739)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=13070\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f2d23ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected OVMF package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:OVMF\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"OVMF-20180508-3.gitee3198e672e2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OVMF\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2018-04-24T05:30:38", "description": "This update for VirtualBox to version 5.1.36 fixes multiple issues:\n\n Security issues fixed:\n\n - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or\n frequently repeatable crash (complete DOS)\n - CVE-2018-2830: Attacker with host login may have compromised Virtualbox\n or further system services after interaction with a third user\n - CVE-2018-2831: Attacker with host login may have compromised VirtualBox\n or further system services, allowing read access to some data\n - CVE-2018-2835: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n - CVE-2018-2836: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n - CVE-2018-2837: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n - CVE-2018-2842: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n - CVE-2018-2843: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n - CVE-2018-2844: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n - CVE-2018-2845: Attacker with host login may have caused a hang or\n frequently repeatable crash (complete DOS), and perform unauthorized\n read and write operation to some VirtualBox accessible data\n - CVE-2018-2860: Privileged attacker may have gained control over\n VirtualBox and possibly further system services\n\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781\">http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781</a>\n 08.html\n <a rel=\"nofollow\" href=\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\">http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html</a>\n #AppendixOVIR\n\n This update also contains all upstream fixes and improvements in the\n stable 5.1.36 release.\n\n", "cvss3": {}, "published": "2018-04-24T03:20:04", "type": "suse", "title": "Security update for virtualbox (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2017-9798", "CVE-2018-2860", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2845", "CVE-2017-3737", "CVE-2018-2837", "CVE-2018-0739", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2843"], "modified": "2018-04-24T03:20:04", "id": "OPENSUSE-SU-2018:1057-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00069.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-27T01:33:35", "description": "This update for kbuild, virtualbox fixes the following issues:\n\n kbuild changes:\n\n - Update to version 0.1.9998svn3110\n - Do not assume glibc glob internals\n - Support GLIBC glob interface version 2\n - Fix build failure (boo#1079838)\n - Fix build with GCC7 (boo#1039375)\n - Fix build by disabling vboxvideo_drv.so\n\n virtualbox security fixes (boo#1101667, boo#1076372):\n\n - CVE-2018-3005\n - CVE-2018-3055\n - CVE-2018-3085\n - CVE-2018-3086\n - CVE-2018-3087\n - CVE-2018-3088\n - CVE-2018-3089\n - CVE-2018-3090\n - CVE-2018-3091\n - CVE-2018-2694\n - CVE-2018-2698\n - CVE-2018-2685\n - CVE-2018-2686\n - CVE-2018-2687\n - CVE-2018-2688\n - CVE-2018-2689\n - CVE-2018-2690\n - CVE-2018-2676\n - CVE-2018-2693\n - CVE-2017-5715\n\n virtualbox other changes:\n\n - Version bump to 5.2.16\n - Use %{?linux_make_arch} when building kernel modules (boo#1098050)\n - Fixed vboxguestconfig.sh script\n - Update warning regarding the security hole in USB passthrough.\n (boo#1097248)\n - Fixed include for build with Qt 5.11 (boo#1093731)\n - You can find a detailed list of changes\n [here](<a rel=\"nofollow\" href=\"https://www.virtualbox.org/wiki/Changelog#v16\">https://www.virtualbox.org/wiki/Changelog#v16</a>)\n\n", "cvss3": {}, "published": "2018-08-27T00:07:57", "type": "suse", "title": "Security update for kbuild, virtualbox (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2018-3091", "CVE-2018-2687", "CVE-2018-2860", "CVE-2018-3055", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2698", "CVE-2018-2693", "CVE-2018-2845", "CVE-2018-2690", "CVE-2018-3086", "CVE-2018-2676", "CVE-2017-5715", "CVE-2018-2837", "CVE-2018-3089", "CVE-2018-0739", "CVE-2018-2688", "CVE-2018-3087", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2685", "CVE-2018-3085", "CVE-2018-2843", "CVE-2018-3005", "CVE-2018-3090", "CVE-2018-2686", "CVE-2018-2694", "CVE-2018-2689", "CVE-2018-3088"], "modified": "2018-08-27T00:07:57", "id": "OPENSUSE-SU-2018:2524-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00080.html", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-10T05:07:20", "description": "This update for openssl fixes the following issues:\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition\n could exceed the stack. This could result in a Denial Of Service\n attack. (bsc#1087102)\n\n", "cvss3": {}, "published": "2018-04-10T03:07:47", "type": "suse", "title": "Security update for openssl (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2018-04-10T03:07:47", "id": "SUSE-SU-2018:0906-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00008.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-18T13:21:16", "description": "This update for openssl fixes the following issues:\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition\n could exceed the stack. This could result in a Denial Of Service\n attack. (bsc#1087102)\n\n", "cvss3": {}, "published": "2018-04-18T12:14:12", "type": "suse", "title": "Security update for openssl (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2018-04-18T12:14:12", "id": "SUSE-SU-2018:0975-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00013.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-09T05:08:32", "description": "This update for openssl fixes the following issues:\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition\n could exceed the stack. This could result in a Denial Of Service\n attack. (bsc#1087102)\n\n", "cvss3": {}, "published": "2018-04-09T03:08:41", "type": "suse", "title": "Security update for openssl (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2018-04-09T03:08:41", "id": "SUSE-SU-2018:0902-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00006.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-06T17:54:23", "description": "This update for ovmf fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types\n recursive definition depth (bsc#1094289).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-08-06T15:11:10", "type": "suse", "title": "Security update for ovmf (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2018-08-06T15:11:10", "id": "OPENSUSE-SU-2018:2208-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00009.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-07T22:44:19", "description": "This update for ovmf provide the following fix:\n\n Security issues fixed:\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types\n recursive definition depth (bsc#1094290, bsc#1094291).\n\n Bug fixes:\n\n - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to\n provide the better compatibility. (bsc#1077330)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "cvss3": {}, "published": "2018-08-07T21:07:50", "type": "suse", "title": "Security update for ovmf (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2018-08-07T21:07:50", "id": "OPENSUSE-SU-2018:2238-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00021.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-10T05:07:20", "description": "This update for openssl1 fixes the following issues:\n\n - CVE-2018-0739: Constructed ASN.1 types with a recursive definition\n could exceed the stack. This could result in a Denial Of Service\n attack. (bsc#1087102)\n\n", "cvss3": {}, "published": "2018-04-10T03:07:17", "type": "suse", "title": "Security update for openssl1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2018-04-10T03:07:17", "id": "SUSE-SU-2018:0905-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00007.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-07-17T14:18:34", "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Oracle VirtualBox Security Updates (apr2018-3678067) 02 - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2018-2860", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2845", "CVE-2018-2837", "CVE-2018-0739", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2843"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813303", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle VirtualBox Security Updates (apr2018-3678067) 02 - Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813303\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2018-2860\", \"CVE-2018-0739\", \"CVE-2018-2842\", \"CVE-2018-2843\",\n \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2831\", \"CVE-2018-2830\",\n \"CVE-2018-2837\", \"CVE-2018-2836\", \"CVE-2018-2835\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 19:09:08 +0530 (Wed, 18 Apr 2018)\");\n script_name(\"Oracle VirtualBox Security Updates (apr2018-3678067) 02 - Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in 'Core' component of Oracle VM VirtualBox.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to affect confidentiality, availability and integrity via\n unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 5.1.36, 5.2.x\n prior to 5.2.10 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox 5.2.10 or\n 5.1.36 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/VirtualBox/Lin/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^5\\.2\" && (version_is_less(version:virtualVer, test_version:\"5.2.10\"))){\n fix = \"5.2.10\";\n}\n\nelse if(version_is_less(version:virtualVer, test_version:\"5.1.36\")){\n fix = \"5.1.36\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:virtualVer, fixed_version: fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:18:35", "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Oracle VirtualBox Security Updates (apr2018-3678067) 01 - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2018-2860", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2845", "CVE-2018-2837", "CVE-2018-0739", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2843"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle VirtualBox Security Updates (apr2018-3678067) 01 - Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813302\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2018-2860\", \"CVE-2018-0739\", \"CVE-2018-2842\", \"CVE-2018-2843\",\n \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2831\", \"CVE-2018-2830\",\n \"CVE-2018-2837\", \"CVE-2018-2836\", \"CVE-2018-2835\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 19:09:04 +0530 (Wed, 18 Apr 2018)\");\n script_name(\"Oracle VirtualBox Security Updates (apr2018-3678067) 01 - Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in 'Core' component of Oracle VM VirtualBox.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to affect confidentiality, availability and integrity via\n unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 5.1.36, 5.2.x\n prior to 5.2.10 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox 5.2.10 or\n 5.1.36 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_win.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^5\\.2\" && (version_is_less(version:virtualVer, test_version:\"5.2.10\"))){\n fix = \"5.2.10\";\n}\n\nelse if(version_is_less(version:virtualVer, test_version:\"5.1.36\")){\n fix = \"5.1.36\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:virtualVer, fixed_version: fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:18:35", "description": "The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Oracle VirtualBox Security Updates (apr2018-3678067) 03 - MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2018-2860", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2845", "CVE-2018-2837", "CVE-2018-0739", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2843"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813304", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle VirtualBox Security Updates (apr2018-3678067) 03 - MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813304\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2018-2860\", \"CVE-2018-0739\", \"CVE-2018-2842\", \"CVE-2018-2843\",\n \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2831\", \"CVE-2018-2830\",\n \"CVE-2018-2837\", \"CVE-2018-2836\", \"CVE-2018-2835\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 19:09:11 +0530 (Wed, 18 Apr 2018)\");\n script_name(\"Oracle VirtualBox Security Updates (apr2018-3678067) 03 - MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n VirtualBox and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n unspecified errors in 'Core' component of Oracle VM VirtualBox.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to affect confidentiality, availability and integrity via\n unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 5.1.36, 5.2.x\n prior to 5.2.10 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox 5.2.10 or\n 5.1.36 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_oracle_virtualbox_detect_macosx.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvirtualVer = infos['version'];\npath = infos['location'];\n\nif(virtualVer =~ \"^5\\.2\" && (version_is_less(version:virtualVer, test_version:\"5.2.10\"))){\n fix = \"5.2.10\";\n}\n\nelse if(version_is_less(version:virtualVer, test_version:\"5.1.36\")){\n fix = \"5.1.36\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:virtualVer, fixed_version: fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T16:46:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-27T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kbuild (openSUSE-SU-2018:2524-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2018-3091", "CVE-2018-2687", "CVE-2018-2860", "CVE-2018-3055", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2698", "CVE-2018-2693", "CVE-2018-2845", "CVE-2018-2690", "CVE-2018-3086", "CVE-2018-2676", "CVE-2017-5715", "CVE-2018-2837", "CVE-2018-3089", "CVE-2018-0739", "CVE-2018-2688", "CVE-2018-3087", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2685", "CVE-2018-3085", "CVE-2018-2843", "CVE-2018-3005", "CVE-2018-3090", "CVE-2018-2686", "CVE-2018-2694", "CVE-2018-2689", "CVE-2018-3088"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851869", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851869\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-08-27 07:20:54 +0200 (Mon, 27 Aug 2018)\");\n script_cve_id(\"CVE-2017-5715\", \"CVE-2018-0739\", \"CVE-2018-2676\", \"CVE-2018-2685\", \"CVE-2018-2686\", \"CVE-2018-2687\", \"CVE-2018-2688\", \"CVE-2018-2689\", \"CVE-2018-2690\", \"CVE-2018-2693\", \"CVE-2018-2694\", \"CVE-2018-2698\", \"CVE-2018-2830\", \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\", \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2860\", \"CVE-2018-3005\", \"CVE-2018-3055\", \"CVE-2018-3085\", \"CVE-2018-3086\", \"CVE-2018-3087\", \"CVE-2018-3088\", \"CVE-2018-3089\", \"CVE-2018-3090\", \"CVE-2018-3091\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kbuild (openSUSE-SU-2018:2524-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kbuild'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for kbuild, virtualbox fixes the following issues:\n\n kbuild changes:\n\n - Update to version 0.1.9998svn3110\n\n - Do not assume glibc glob internals\n\n - Support GLIBC glob interface version 2\n\n - Fix build failure (boo#1079838)\n\n - Fix build with GCC7 (boo#1039375)\n\n - Fix build by disabling vboxvideo_drv.so\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3\n\n zypper in -t patch openSUSE-2018-938=1\");\n\n script_tag(name:\"affected\", value:\"kbuild, on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2524-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00080.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kbuild\", rpm:\"kbuild~0.1.9998svn3110~4.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kbuild-debuginfo\", rpm:\"kbuild-debuginfo~0.1.9998svn3110~4.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kbuild-debugsource\", rpm:\"kbuild-debugsource~0.1.9998svn3110~4.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.2.18_k4.4.143_65~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.2.18_k4.4.143_65~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.2.18_k4.4.143_65~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.2.18_k4.4.143_65~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-vnc\", rpm:\"virtualbox-vnc~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-source\", rpm:\"virtualbox-guest-source~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.2.18~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-28T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2017-a52f252521", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873446", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873446", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_a52f252521_httpd_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for httpd FEDORA-2017-a52f252521\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873446\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:14:48 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2017-a52f252521\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-a52f252521\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4JEOCEFPTVRSQESLYQKPEEKR3XN7LBV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.27~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-3425-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3425_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for apache2 USN-3425-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843313\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 11:45:15 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for apache2 USN-3425-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Hanno Bck discovered that the Apache HTTP\n Server incorrectly handled Limit directives in .htaccess files. In certain\n configurations, a remote attacker could possibly use this issue to read\n arbitrary server memory, including sensitive information. This issue is known as\n Optionsbleed.\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3425-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3425-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.7-1ubuntu4.18\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3ubuntu2.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:09:29", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for apache2 (DLA-1102-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891102", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891102\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_name(\"Debian LTS: Security Advisory for apache2 (DLA-1102-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\");\n\n script_tag(name:\"summary\", value:\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171253", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1253\");\n script_version(\"2020-01-23T11:01:28+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1253)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1253\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1253\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2017-1253 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:32", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3980-1 (apache2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703980", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703980", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3980.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3980-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703980\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-9798\");\n script_name(\"Debian Security Advisory DSA 3980-1 (apache2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 00:00:00 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3980.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\n\nWe recommend that you upgrade your apache2 packages.\");\n script_tag(name:\"summary\", value:\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-ssl-dev\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-macro\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-proxy-html\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:51", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "cvss3": {}, "published": "2017-10-11T00:00:00", "type": "openvas", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310108252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108252", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_optionsbleed_version.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108252\");\n script_version(\"$Revision: 11983 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-11 10:53:35 +0200 (Wed, 11 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less_equal( version:vers, test_version:\"2.2.34\" ) ) {\n vuln = TRUE;\n fix = \"Apply the referenced patch or upgrade to 2.4.28\";\n}\n\nif( vers =~ \"^2\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"2.4.28\" ) ) {\n vuln = TRUE;\n fix = \"2.4.28\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1252)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171252", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1252\");\n script_version(\"2020-01-23T11:01:27+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1252)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1252\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1252\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2017-1252 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:26", "description": "Check the version of httpd", "cvss3": {}, "published": "2017-10-12T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2017:2882 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2882_httpd_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for httpd CESA-2017:2882 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882784\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:25:42 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for httpd CESA-2017:2882 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of httpd\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache\nHTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2882\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022565.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ldap\", rpm:\"mod_ldap~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_proxy_html\", rpm:\"mod_proxy_html~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-12T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2017:2882-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2882-01_httpd.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for httpd RHSA-2017:2882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812035\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:24:50 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2017:2882-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bck for reporting this issue.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2882-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-08T18:58:25", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310112048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112048\");\n script_version(\"2020-05-06T12:58:00+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 12:58:00 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:35 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"This script checks for a corrupted Allow header that is being\n constructed in response to HTTP OPTIONS requests.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nget_app_location(cpe:CPE, port:port, nofork:TRUE); # To have a reference to the Detection-NVT\n\nuseragent = http_get_user_agent();\nhost = http_host_name(port:port);\n\n#TODO: Once this vulnerability got older we might want to consider to limit the amounts of directories to check here\nforeach dir(make_list_unique(\"/\", http_cgi_dirs(port:port)))\n{\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/\";\n\n req = 'OPTIONS ' + url + ' HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Connection: Close\\r\\n\\r\\n';\n\n for(i = 0; i <= 100; i++)\n {\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n if(res =~ \"^HTTP/1\\.[01] 405\" ) break; # We don't need to continue in this inner loop if the OPTIONS method is disabled.\n if(allow = egrep(string:res, pattern:\"^Allow: .*\" ))\n {\n # Examples:\n # Allow: POST,OPTIONS,,HEAD,:09:44 GMT\n # Allow: ,GET,HEAD,POST,OPTIONS\n # Allow: HEAD,,HEAD,POST,,HEAD,TRACE\n # Allow: POST,OPTIONS,GET,HEAD,,HEAD,write.c>\n if(vuln = eregmatch(pattern:\"(\\,{2,}|\\,\\W+\\,|^\\w+\\:[\\s]{0,}\\,|\\d)\", string:allow))\n {\n report = \"The remote service might leak data/memory via the 'Allow' header.\";\n report += '\\n\\nRequest:\\n' + req + '\\nResponse:\\n' + res;\n security_message(port:port, data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-04T18:55:32", "description": "It was discovered that constructed ASN.1 types with a recursive\ndefinition could exceed the stack, potentially leading to a denial of\nservice.", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4158-1 (openssl1.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704158", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4158-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704158\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-0739\");\n script_name(\"Debian Security Advisory DSA 4158-1 (openssl1.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 00:00:00 +0200 (Thu, 29 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4158.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"openssl1.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 1.0.2l-2+deb9u3.\n\nWe recommend that you upgrade your openssl1.0 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/openssl1.0\");\n script_tag(name:\"summary\", value:\"It was discovered that constructed ASN.1 types with a recursive\ndefinition could exceed the stack, potentially leading to a denial of\nservice.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0-dev\", ver:\"1.0.2l-2+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.2\", ver:\"1.0.2l-2+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-3611-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843487", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3611_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-3611-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843487\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-29 08:43:38 +0200 (Thu, 29 Mar 2018)\");\n script_cve_id(\"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-3611-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that OpenSSL incorrectly\n handled certain ASN.1 types. A remote attacker could possibly use this issue to\n cause a denial of service.\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3611-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3611-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.24\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.24\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2g-1ubuntu13.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2g-1ubuntu13.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2g-1ubuntu4.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2g-1ubuntu4.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T17:55:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:2208-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310852013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852013", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852013\");\n script_version(\"2020-03-13T07:50:12+0000\");\n script_cve_id(\"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:50:12 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:34:23 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:2208-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2208-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ovmf'\n package(s) announced via the openSUSE-SU-2018:2208-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ovmf fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types\n recursive definition depth (bsc#1094289).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-807=1\");\n\n script_tag(name:\"affected\", value:\"ovmf on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"ovmf\", rpm:\"ovmf~2017+git1510945757.b2662641d5~lp150.4.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ovmf-tools\", rpm:\"ovmf-tools~2017+git1510945757.b2662641d5~lp150.4.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86-64-debug\", rpm:\"qemu-ovmf-x86-64-debug~2017+git1510945757.b2662641d5~lp150.4.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-ia32\", rpm:\"qemu-ovmf-ia32~2017+git1510945757.b2662641d5~lp150.4.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86-64\", rpm:\"qemu-ovmf-x86-64~2017+git1510945757.b2662641d5~lp150.4.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T17:57:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-08T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:2238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851840", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851840", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851840\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-08-08 05:51:16 +0200 (Wed, 08 Aug 2018)\");\n script_cve_id(\"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:2238-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ovmf'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ovmf provide the following fix:\n\n Security issues fixed:\n\n - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types\n recursive definition depth (bsc#1094290, bsc#1094291).\n\n Bug fixes:\n\n - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to\n provide the better compatibility. (bsc#1077330)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-823=1\");\n\n script_tag(name:\"affected\", value:\"ovmf on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2238-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ovmf\", rpm:\"ovmf~2017+git1492060560.b6d11d7c46~10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ovmf-tools\", rpm:\"ovmf-tools~2017+git1492060560.b6d11d7c46~10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86_64-debug\", rpm:\"qemu-ovmf-x86_64-debug~2017+git1492060560.b6d11d7c46~10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-ia32\", rpm:\"qemu-ovmf-ia32~2017+git1492060560.b6d11d7c46~10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86_64\", rpm:\"qemu-ovmf-x86_64~2017+git1492060560.b6d11d7c46~10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:11:34", "description": "It was discovered that constructed ASN.1 types with a recursive\ndefinition could exceed the stack, potentially leading to a denial of\nservice.", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for openssl (DLA-1330-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891330", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891330\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-0739\");\n script_name(\"Debian LTS: Security Advisory for openssl (DLA-1330-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 00:00:00 +0200 (Mon, 02 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.0.1t-1+deb7u4.\n\nWe recommend that you upgrade your openssl packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that constructed ASN.1 types with a recursive\ndefinition could exceed the stack, potentially leading to a denial of\nservice.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1t-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1t-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1t-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1t-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1t-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for compat-openssl10 FEDORA-2018-1b4f1158e2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1b4f1158e2_compat-openssl10_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for compat-openssl10 FEDORA-2018-1b4f1158e2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874349\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-10 08:55:58 +0200 (Tue, 10 Apr 2018)\");\n script_cve_id(\"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for compat-openssl10 FEDORA-2018-1b4f1158e2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-openssl10'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"compat-openssl10 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1b4f1158e2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67YEUUERA6VABQWURFAQ7UIO44PQ4YLN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openssl10\", rpm:\"compat-openssl10~1.0.2o~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for compat-openssl10 FEDORA-2018-9490b422e7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9490b422e7_compat-openssl10_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for compat-openssl10 FEDORA-2018-9490b422e7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874356\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-10 08:56:32 +0200 (Tue, 10 Apr 2018)\");\n script_cve_id(\"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for compat-openssl10 FEDORA-2018-9490b422e7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-openssl10'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"compat-openssl10 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9490b422e7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6B2E2YZNPUT2Z4TVAPFMYKITDXJJRUI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-openssl10\", rpm:\"compat-openssl10~1.0.2o~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T19:55:04", "description": "Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion.", "cvss3": {}, "published": "2020-05-26T00:00:00", "type": "openvas", "title": "Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739"], "modified": "2020-07-01T00:00:00", "id": "OPENVAS:1361412562310107831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107831", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107831\");\n script_version(\"2020-07-01T08:36:56+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-01 08:36:56 +0000 (Wed, 01 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-26 15:22:01 +0200 (Tue, 26 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2018-0739\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei\");\n script_dependencies(\"gb_huawei_vrp_network_device_consolidation.nasl\");\n script_mandatory_keys(\"huawei/vrp/detected\");\n\n script_tag(name:\"summary\", value:\"Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion.\");\n\n script_tag(name:\"insight\", value:\"Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit could result in a Denial Of Service attack. (Vulnerability ID: HWPSIRT-2018-03073)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-0739.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.\");\n\n script_tag(name:\"impact\", value:\"Successful exploit could result in a Denial Of Service attack.\");\n\n script_tag(name:\"affected\", value:\"AR3200 versions V200R008C20\n\n AnyOffice versions 2.5.0501.0290\n\n EulerOS versions V200R005C00\n\n FusionSphere OpenStack versions 6.5.0 6.5.RC1 6.5.RC2 V100R006C00 V100R006C10 V100R006C30\n\n OceanStor 5300 V3 versions V300R006C10\n\n OceanStor 5500 V3 versions V300R006C10\n\n OceanStor 5600 V3 versions V300R006C10\n\n OceanStor 5800 V3 versions V300R006C10\n\n OceanStor 6800 V3 versions V300R006C10\n\n OceanStor 9000 versions V300R005C00 V300R006C00 V300R006C10 V300R006C20\n\n OceanStor ReplicationDirector versions V200R001C00 V200R001C20\n\n OceanStor UDS versions V1R2C01LHWS01RC3 V1R2C01LHWS01RC6\n\n SMC2.0 versions V500R002C00 V600R006C00 V600R006C10\n\n eSpace VCN3000 versions V100R002C10 V100R002C20\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-01-openssl-en\");\n\n exit(0);\n}\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\ncpe_list = make_list(\"cpe:/o:huawei:ar3200_firmware\",\n \"cpe:/o:huawei:anyoffice_firmware\",\n \"cpe:/o:huawei:euleros_firmware\",\n \"cpe:/o:huawei:fusionsphere_openstack_firmware\",\n \"cpe:/o:huawei:oceanstor_5300_v3_firmware\",\n \"cpe:/o:huawei:oceanstor_5500_v3_firmware\",\n \"cpe:/o:huawei:oceanstor_5600_v3_firmware\",\n \"cpe:/o:huawei:oceanstor_5800_v3_firmware\",\n \"cpe:/o:huawei:oceanstor_6800_v3_firmware\",\n \"cpe:/o:huawei:oceanstor_9000_firmware\",\n \"cpe:/o:huawei:oceanstor_replicationdirector_firmware\",\n \"cpe:/o:huawei:oceanstor_uds_firmware\",\n \"cpe:/o:huawei:smc2.0_firmware\",\n \"cpe:/o:huawei:espace_vcn3000_firmware\");\n\nif (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE))\n exit(0);\n\ncpe = infos[\"cpe\"];\nversion = toupper(infos[\"version\"]);\npatch = get_kb_item(\"huawei/vrp/patch\");\n\nif (cpe == \"cpe:/o:huawei:ar3200_firmware\") {\n if(version == \"V200R008C20\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R009C00SPC500\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R009C00SPC500\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:anyoffice_firmware\") {\n if(version == \"2.5.0501.0290\") {\n if (!patch || version_is_less(version: patch, test_version: \"2.6.1901.0060\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"2.6.1901.0060\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:euleros_firmware\") {\n if(version == \"V200R005C00\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R005C00SPC201\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R005C00SPC201\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:fusionsphere_openstack_firmware\") {\n if(version == \"6.5.0\" || version == \"6.5.RC1\" || version == \"6.5.RC2\" || version == \"V100R006C00\" || version == \"V100R006C10\" || version == \"V100R006C30\") {\n if (!patch || version_is_less(version: patch, test_version: \"6.5.0\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"6.5.0\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_5300_v3_firmware\") {\n if(version == \"V300R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C20\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C20\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_5500_v3_firmware\") {\n if(version == \"V300R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C20\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C20\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_5600_v3_firmware\") {\n if(version == \"V300R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C20\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C20\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_5800_v3_firmware\") {\n if(version == \"V300R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C20\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C20\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_6800_v3_firmware\") {\n if(version == \"V300R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C20\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C20\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_9000_firmware\") {\n if(version == \"V300R005C00\" || version == \"V300R006C00\" || version == \"V300R006C10\" || version == \"V300R006C20\") {\n if (!patch || version_is_less(version: patch, test_version: \"V300R006C20SPC100\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V300R006C20SPC100\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_replicationdirector_firmware\") {\n if(version == \"V200R001C00\" || version == \"V200R001C20\") {\n if (!patch || version_is_less(version: patch, test_version: \"V200R001C20SPC200\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V200R001C20SPC200\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:oceanstor_uds_firmware\") {\n if(version == \"V1R2C01LHWS01RC3\" || version == \"V1R2C01LHWS01RC6\") {\n if (!patch || version_is_less(version: patch, test_version: \"V1R2C01LHWS02\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V1R2C01LHWS02\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:smc2.0_firmware\") {\n if(version == \"V500R002C00\" || version == \"V600R006C00\" || version == \"V600R006C10\") {\n if (!patch || version_is_less(version: patch, test_version: \"V600R006C10SPC700\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V600R006C10SPC700\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\nelse if (cpe == \"cpe:/o:huawei:espace_vcn3000_firmware\") {\n if(version == \"V100R002C10\" || version == \"V100R002C20\") {\n if (!patch || version_is_less(version: patch, test_version: \"V100R003C00\")) {\n report = report_fixed_ver(installed_version: version, installed_patch: patch, fixed_version: \"V100R003C00\");\n security_message(port: 0, data: report);\n exit(0);\n }\n }\n}\n\nexit(99);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:14:19", "description": "### *Detect date*:\n04/17/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, read and write local files.\n\n### *Affected products*:\nOracle VM VirtualBox 5.1.x earlier than 5.1.36 \nOracle VM VirtualBox 5.2.x earlier than 5.2.10\n\n### *Solution*:\nUpdate to the latest version \n[Download VirtualBox](<https://www.virtualbox.org/wiki/Downloads>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 April 2018](<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2018-2835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2835>)4.4Warning \n[CVE-2018-2836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2836>)4.4Warning \n[CVE-2018-2837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2837>)4.4Warning \n[CVE-2018-0739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>)4.3Warning \n[CVE-2018-2842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2842>)4.6Warning \n[CVE-2018-2843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2843>)4.6Warning \n[CVE-2018-2844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2844>)4.6Warning \n[CVE-2018-2845](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2845>)4.6Warning \n[CVE-2018-2860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2860>)4.6Warning \n[CVE-2018-2830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2830>)4.4Warning \n[CVE-2018-2831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2831>)2.1Warning", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-04-17T00:00:00", "type": "kaspersky", "title": "KLA11236 Multiple vulnerabilities in Oracle VM VirtualBox", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2020-06-03T00:00:00", "id": "KLA11236", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11236/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "This update provides virtualbox 5.2.12 and fixes the following security issues: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS) (CVE-2018-0739). Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user (CVE-2018-2830). Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data (CVE-2018-2831). Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user (CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842, CVE-2018-2843, CVE-2018-2844). Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data (CVE-2018-2845). Privileged attacker may have gained control over VirtualBox and possibly further system services (CVE-2018-2860). For other fixes in this update, see the referenced changelog \n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-05-29T19:41:14", "type": "mageia", "title": "Updated virtualbox packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2018-05-29T19:41:14", "id": "MGASA-2018-0257", "href": "https://advisories.mageia.org/MGASA-2018-0257.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Hanno B\u00f6ck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed (CVE-2017-9798). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-01T10:38:51", "type": "mageia", "title": "Updated apache packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-01-01T10:38:51", "id": "MGASA-2018-0009", "href": "https://advisories.mageia.org/MGASA-2018-0009.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe (CVE-2018-0739). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-03T18:48:20", "type": "mageia", "title": "Updated openssl packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-04-03T18:48:20", "id": "MGASA-2018-0190", "href": "https://advisories.mageia.org/MGASA-2018-0190.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:04:21", "description": "### Background\n\nVirtualBox is a powerful virtualization product from Oracle.\n\n### Description\n\nMultiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll VirtualBox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/virtualbox-5.1.36\"\n \n\nAll VirtualBox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/virtualbox-bin-5.1.36.122089\"", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-05-22T00:00:00", "type": "gentoo", "title": "VirtualBox: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2018-05-22T00:00:00", "id": "GLSA-201805-08", "href": "https://security.gentoo.org/glsa/201805-08", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-10-01T01:54:29", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-0739_ ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \n**CVSS Base Score** : 5.3 \n**CVSS Temporal Score** : See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score. \n**CVSS Environmental Score*** : Undefined \n**CVSS Vector** : (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-3738_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. \n**CVSS Base Score:** 3.1 \n**CVSS Temporal Score:** See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/136078_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136078>) for the current score. \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3737_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737>) \n**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. \n**CVSS Base Score:** 5.3 \n**CVSS Temporal Score:** See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/136077_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136077>) for the current score. \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.6 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.6\n\n## Remediation/Fixes\n\nUpgrade your Rational Build Forge Agent to version 8.0.0.8 from: [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.8&source=SAR>) link.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n16 July 2018: Initial publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Internal Use Only\n\nAdvisories covered: 11553 and 11757\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSPRJQ\",\"label\":\"IBM Engineering Lifecycle Management Base\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"5.0.x;6.0;6.0.1;6.0.2;6.0.3;6.0.4;6.0.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSUC3U\",\"label\":\"IBM Engineering Workflow Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"5.0.x;6.0;6.0.1;6.0.2;6.0.3;6.0.4;6.0.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}] \n\n## Product Synonym\n\nRational Team Concert;Rational Collaborative Lifecycle Management Solution", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: OpenSSL vulnerabilities affect IBM Rational Team Concert", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0701", "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0739"], "modified": "2021-04-28T18:35:50", "id": "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "href": "https://www.ibm.com/support/pages/node/717223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T21:58:41", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in the Apache HTTP Server (httpd). IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 11.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 October 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:38:34", "type": "ibm", "title": "Security Bulletin: A vulnerability in httpd affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-06-18T01:38:34", "id": "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "href": "https://www.ibm.com/support/pages/node/632369", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-08T22:15:32", "description": "## Summary\n\nApache HTTP Server has security vulnerability caused due to error in the HTTP Option method. Respective security vulnerability is discussed in detail in the subsequent section.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-9798_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score: **See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score. \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Rational Build Forge from 8.0.0.6.\n\n## Remediation/Fixes\n\nYou must download the Fix pack specified in the following table and apply it. \n\n\n**Affected Version** | \n\n**Fix** \n---|--- \n \nBuild Forge 8.0.0.6 | \n\nRational Build Forge 8.0.0.7 [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.7&source=SAR>). \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 22 MARCH 2018: Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nNone.\n\n[{\"Product\":{\"code\":\"SSB2MV\",\"label\":\"Rational Build Forge\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Web Console\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.0.0.6\",\"Edition\":\"Enterprise;Enterprise Plus;Express;Standard\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T14:39:19", "type": "ibm", "title": "Security Bulletin: A Security vulnerability has been identified in Apache HTTP Server used by Rational Build Forge. (CVE-2017-9798)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2020-04-20T14:39:19", "id": "825B52995DBE90672BBA09CCFBDD51925814B984495E8E740D466D1C921FE61C", "href": "https://www.ibm.com/support/pages/node/567551", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-27T14:04:28", "description": "## Summary\n\nIBM SmartCloud Entry has addressed the vulnerability in Apache HTTP. Following are the vulnerability details.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Smart Cloud Entry 2.4, 3.1, and 3.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM SmartCloud Entry| 3.2| None| Contact [IBM Support.](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \nIBM SmartCloud Entry| 3.1| None \nIBM SmartCloud Entry| 2.4| None \n \nFor all IBM Smart Cloud Entry releases, refer to information about the replacement program as per withdrawal announcement ENUS914-189. For information about the latest release of IBM Cloud Manager for Openstack, please see** **[**http://www-01.ibm.com/support/docview.wss?uid=isg400003605**](<http://www-01.ibm.com/support/docview.wss?uid=isg400003605>)[](<http://www-01.ibm.com/support/docview.wss?uid=isg400003360>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nInitial draft dated January 5 2018. \nSecond draft dated January 7 2018. \nThird draft dated January 8 2018. \nFourth draft dated January 8 2018. \nVersion published: \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.4;3.1;3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: Security vulnerability in Apache HTTP affects IBM SmartCloud Entry (CVE-2017-9798)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2020-07-19T00:49:12", "id": "91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09", "href": "https://www.ibm.com/support/pages/node/632757", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:10:48", "description": "## Summary\n\nIBM Security Access Manager Appliance has addressed the following vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798>)** \nDESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected IBM Security Access Manager Appliance**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Access Manager for Web| 7.0-7.0.0.31 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation ** \n \n---|---|---|--- \nIBM Security Access Manager for Web| 7.0 - 7.0.0.31| IJ03385| Upgrade to 7.0.0.34: \n[7.0.0-ISS-WGA-IF0034](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30 May 2018: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZU8Q\",\"label\":\"IBM Security Access Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"7.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T22:05:42", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-06-16T22:05:42", "id": "75AE9D4CB9FE02C082FC4424DBD420EA2EAC4CD4BCE0C4E376DC8DEE1119F8D3", "href": "https://www.ibm.com/support/pages/node/305015", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-19T13:40:07", "description": "## Summary\n\nHTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-9798_](http://cve.mitre.org/cgi-\nbin/cvename.cgi?name=CVE-2017-9798) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain\nsensitive information, caused by a flaw in the HTTP OPTIONS method, aka\nOptionsbleed. By sending an OPTIONS HTTP request, a remote attacker could\nexploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See\n[_https://exchange.xforce.ibmcloud.com/vulnerabilities/132159_](https://exchange.xforce.ibmcloud.com/vulnerabilities/132159)\nfor the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected.\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \n \nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed.\n\n[_http://www-933.ibm.com/support/fixcentral/_](http://www-933.ibm.com/support/fixcentral/)\n\n \nThe IBM i PTF numbers are: \n \n**Release 7.1 \u2013 SI65939** \n**Release 7.2 \u2013 SI65915** \n**Release 7.3 \u2013 SI65906** \n \n**_Important note:_** _IBM recommends that all users running unsupported\nversions of affected products upgrade to supported and fixed version of\naffected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](\nhttp://www-01.ibm.com/software/support/einfo.html) to be notified of important\nproduct support alerts like this.\n\n### References\n\n[Complete CVSS v2 Guide](http://www.first.org/cvss/v2/guide \"Link resides\noutside of ibm.com\") \n[On-line Calculator v2](http://nvd.nist.gov/CVSS-v2-Calculator \"Link resides\noutside of ibm.com\")\n\n[Complete CVSS v3 Guide](http://www.first.org/cvss/user-guide \"Link resides\noutside of ibm.com\") \n[On-line Calculator v3](http://www.first.org/cvss/calculator/3.0 \"Link resides\noutside of ibm.com\")\n\nOff\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](http://www.ibm.com/security/secure-\nengineering/bulletins.html) \n[IBM Product Security Incident Response Blog](http://www.ibm.com/blogs/psirt)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the\nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard\ndesigned to convey vulnerability severity and help to determine urgency and\npriority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY\nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT\nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive\nSystems\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure\nw\\/TPS\"},\"Product\":{\"code\":\"SWG60\",\"label\":\"IBM\ni\"},\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"7.1.0\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Vulnerability CVE-2017-9798 in the IBM i HTTP Server affects IBM i.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-12-18T14:26:38", "id": "E515D9AE5ED3FEB7BDBAF35D90286D2E963A5E50F83A19555DC0BA545BE5A8E7", "href": "https://www.ibm.com/support/pages/node/687639", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-30T21:45:50", "description": "## Summary\n\nz/TPF has addressed the OpenSSL denial of service vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-0739_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140847_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nz/TPF Enterprise Edition Version 1.1.13 - 1.1.15\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nz/TPF| 1.1.15| APAR PJ45322| Apply the APAR, which is available for download from the [TPF Family Product: Maintenance](<http://www.ibm.com/support/docview.wss?uid=swg27049604>) web page. \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n30 May 2018: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZL53\",\"label\":\"TPF\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"z\\/TPF\",\"Platform\":[{\"code\":\"PF036\",\"label\":\"z\\/TPF\"}],\"Version\":\"1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-15T07:09:13", "type": "ibm", "title": "Security Bulletin: z/TPF is affected by the OpenSSL denial of service vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-06-15T07:09:13", "id": "62E7A719C331FCAB47075BA0B9A2AFE666ABEF25DA19EDB1572CD3B9D2B9095E", "href": "https://www.ibm.com/support/pages/node/569939", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-05T17:35:16", "description": "## Summary\n\nIBM MQ have addressed a vulnerability whereby OpenSSL could allow a remote attacker to execute a denial of service attack by sending specially crafted ASN.1 data. \n \nOpenSSL is used by IBM MQ Advanced Message Security on the IBM i platform only.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-0739_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140847_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\n**_IBM MQ v8.0_**\n\n * Maintenance levels 8.0.0.0 - 8.0.0.9\n \n**_IBM MQ v9 LTS_**\n\n * Maintenance levels 9.0.0.0 - 9.0.0.3\n\n## Remediation/Fixes\n\n**_IBM MQ v8.0_**\n\n * [Apply Fixpack 8.0.0.10](<http://www-01.ibm.com/support/docview.wss?uid=swg22017459>)\n \n**_IBM MQ v9 LTS_**\n\n * [Apply Fixpack 9.0.0.4](<http://www-01.ibm.com/support/docview.wss?uid=swg24044869>)\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n22 June 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SSYHRD\",\"label\":\"IBM MQ\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"WMQ Advanced Message Security\",\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"9.0.0.3;9.0.0.2;9.0.0.1;9.0;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.1;8.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-20T01:29:42", "type": "ibm", "title": "Security Bulletin: IBM MQ Advanced Message Security is vulnerable to an OpenSSL error while parsing an ASN.1 data. (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-08-20T01:29:42", "id": "CDE6875133587A5E5E6ED5F01AB9C60FC14D6A03BA892EF38B70353468007DF8", "href": "https://www.ibm.com/support/pages/node/711819", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:12:35", "description": "## Summary\n\nAspera OnDemand has addressed the following openSSL vulnerability.\n\n## Vulnerability Details\n\n**CVEID**: CVE-2018-0739 \n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140847 for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Products** | **Affected Versions** \n---|--- \nAspera Faspex On Demand | 3.7.4 \nAspera Shares On Demand | 3.7.4 \nAspera Server On Demand | 3.7.4 \nAspera Platform On Demand | 3.7.4 \n \n \n \n \u00a0\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation / First Fix** \n---|---|---|--- \nAspera Faspex On Demand | 3.8.0 | N/A | 2017Q4/2018Q1 \nAspera Shares on Demand | 3.8.0 | N/A | 2017Q4/2018Q1 \nAspera Server on Demand | 3.8.0 | N/A | 2017Q4/2018Q1 \nAspera Platform on Demand | 3.8.0 | N/A | 2017Q4/2018Q1 \n \n \n \n \u00a0\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 September 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS8NDZ\",\"label\":\"IBM Aspera\"},\"Component\":\"Aspera Faspex on Demand;Aspera Shares on Demand;Aspera Server on Demand;Aspera Platform on Demand\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"3.7.4 and earlier\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-09-14T18:45:01", "type": "ibm", "title": "Security Bulletin: Aspera OnDemand is affected by an openSSL vulnerability (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-09-14T18:45:01", "id": "2BEBB38964CEA4B62F9F2515093252761533127501B62DEFAAC8D801CC37ED8F", "href": "https://www.ibm.com/support/pages/node/731537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nIBM Aspera Faspex, IBM Aspera Console have addressed the following OpenSSL vulnerability.\n\n## Vulnerability Details\n\n**Vulnerability Details**\n\n**CVEID: **[CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION: ** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Aspera Faspex 4.1.1\n\nIBM Aspera Console 3.3.2\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nIBM Aspera Faspex | 4.2.1 | None | <https://downloads.asperasoft.com/en/downloads/6> \nIBM Aspera Console | 3.3.3 | None | [https://downloads.asperasoft.com/en/downloads/3](<https://downloads.asperasoft.com/en/downloads/6>) \n \n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS8NDZ\",\"label\":\"IBM Aspera\"},\"Component\":\"\",\"Platform\":[],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-05-20T23:30:01", "type": "ibm", "title": "Security Bulletin: IBM Aspera Faspex, IBM Aspera Console are affected by OpenSSL Vulnerability (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2019-05-20T23:30:01", "id": "FD54ED57D0984C8885C877F9181732A5619A1E525F7855FB4A72EC63053B7375", "href": "https://www.ibm.com/support/pages/node/884652", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:05:13", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 27 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-0739_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140847_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nRational ClearQuest version 8 and 9 in the following components:\n\n * ClearQuest hooks and cqperl/ratlperl scripts that use SSL.\n * Database drivers configured to use SSL connections to the database.\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n9.0.1 through 9.0.1.3\n\n| \n\nAffected \n \n9.0 through 9.0.0.6\n\n| \n\nAffected \n \n8.0.1 through 8.0.1.17\n\n| \n\nAffected \n \n8.0 through 8.0.0.21\n\n| \n\nAffected \n \n## Remediation/Fixes\n\nApply a fix pack as listed in the table below. The fix pack includes OpenSSL **1.0.2o.**\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n \n9.0.1 through 9.0.1.3 \n9.0 through 9.0.0.6\n\n| Install [Rational ClearQuest Fix Pack 4 (9.0.1.4) for 9.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24045017>) \n \n8.0.1 through 8.0.1.17 \n8.0 through 8.0.0.21\n\n| Install [Rational ClearQuest Fix Pack 18 (8.0.1.18) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24045015>) \n \n_For 7.0.x, 7.1.x, 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_OpenSSL Project vulnerability website_](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n9 August 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSSH5A\",\"label\":\"Rational ClearQuest\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.1.3;9.0.1.2;9.0.1.1;9.0.1;9.0.0.6;9.0.0.5;9.0.0.4;9.0.0.3;9.0.0.2;9.0.0.1;9.0;8.0.1.9;8.0.1.8;8.0.1.7;8.0.1.6;8.0.1.5;8.0.1.4;8.0.1.3;8.0.1.2;8.0.1.17;8.0.1.16;8.0.1.15;8.0.1.14;8.0.1.13;8.0.1.12;8.0.1.11;8.0.1.10;8.0.1.1;8.0.1;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.21;8.0.0.20;8.0.0.2;8.0.0.19;8.0.0.18;8.0.0.17;8.0.0.16;8.0.0.15;8.0.0.14;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-09T16:40:05", "type": "ibm", "title": "Security Bulletin: A security vulnerability in OpenSSL affects IBM Rational ClearQuest (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-08-09T16:40:05", "id": "0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "href": "https://www.ibm.com/support/pages/node/718373", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:14:06", "description": "## Summary\n\nA security vulnerability has been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed this vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product Name**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Cloud Manager with OpenStack | 4.3 \n \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Cloud Manager with OpenStack | 4.3 | \n\nUpgrade to 4.3 FP 11:\n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther%20software&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=All&platform=All&function=fixId&fixids=4.3.0.11-IBM-CMWO-FP11&includeSupersedes=0 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther%20software&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=All&platform=All&function=fixId&fixids=4.3.0.11-IBM-CMWO-FP11&includeSupersedes=0>) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 Sep 2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"4.3.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-09-18T10:00:08", "type": "ibm", "title": "Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-09-18T10:00:08", "id": "15B7946476C14969EFBB158D48A2E631603F1323E17E2D4BDC13FB3B86B3B63B", "href": "https://www.ibm.com/support/pages/node/725849", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-09-26T13:49:26", "description": "## Summary\n\nOpenSSL has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. \n\n## Vulnerability Details\n\n \n\n * This section includes the vulnerability details that affects the Rational Build Forge. \n\n**CVEID:** [_CVE-2018-0739_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Rational Build Forge from 8.0.0.7.\n\n## Remediation/Fixes\n\nYou must download the Fix pack specified in the following table and apply it.\n\n * **Affected Supporting Product**\n| \n\n * **Remediation/Fix ** \n---|--- \n \n * IBM Rational Build Forge 8.0.0.7\n| Rational Build Forge 8.0.0.8 [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.8&source=SAR>). \n \n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n* 29 JUNE 2018: Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nNone.\n\n[{\"Product\":{\"code\":\"SSB2MV\",\"label\":\"Rational Build Forge\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Web Console\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.0.0.6;8.0.0.7\",\"Edition\":\"Enterprise;Enterprise Plus;Express;Standard\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-04-20T14:40:53", "type": "ibm", "title": "Security Bulletin: A Security Vulnerability identified in OpenSSL affect Rational Build Forge (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-04-20T14:40:53", "id": "9689CC781FFB77A68D0808F73F4652707DF84089948BC46748A94D94E9B86E90", "href": "https://www.ibm.com/support/pages/node/711847", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:13:01", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 27 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/140847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Rational ClearCase versions: \n\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n9.0.1 through 9.0.1.3\n\n| \n\nAffected \n \n9.0 through 9.0.0.6\n\n| \n\nAffected \n \n8.0.1 through 8.0.1.17\n\n| \n\nAffected \n \n8.0 through 8.0.0.21\n\n| \n\nAffected \n \n \nNot all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities. \n \nYou are vulnerable if your use of Rational ClearCase includes _any_ of these configurations:\n\n 1. You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.\n 2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server. \n**Note:** Windows clients using the UCM/ClearQuest integration are not vulnerable.\n 3. On UNIX/Linux clients, you use the Change Management Integration (CMI), when configured to use SSL to communicate with the server. \n**Note:** Windows clients using the CMI integration are not vulnerable.\n 4. You use ratlperl, ccperl, or cqperl to run your own perl scripts, **and** those scripts use SSL connections.\n\n## Remediation/Fixes\n\nApply a fix pack as listed in the table below. The fix pack includes OpenSSL **1.0.2o.** \n\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n \n9.0.1 through 9.0.1.3 \n9.0 through 9.0.0.6\n\n| Install [Rational ClearCase Fix Pack 4 (9.0.1.4) for 9.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24045018>) \n \n8.0.1 through 8.0.1.17 \n8.0 through 8.0.0.21\n\n| Install [Rational ClearCase Fix Pack 18 (8.0.1.18) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24045016>) \n \n_For 7.0.x, 7.1.x, 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_OpenSSL Project vulnerability website_](<http://www.openssl.org/news/vulnerabilities.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n9 August 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSSH27\",\"label\":\"Rational ClearCase\"},\"Component\":\"Perl: ratlperl\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.1.3;9.0.1.2;9.0.1.1;9.0.1;9.0.0.6;9.0.0.5;9.0.0.4;9.0.0.3;9.0.0.2;9.0.0.1;9.0;8.0.1.9;8.0.1.8;8.0.1.7;8.0.1.6;8.0.1.5;8.0.1.4;8.0.1.3;8.0.1.2;8.0.1.17;8.0.1.16;8.0.1.15;8.0.1.14;8.0.1.13;8.0.1.12;8.0.1.11;8.0.1.10;8.0.1.1;8.0.1;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.21;8.0.0.20;8.0.0.2;8.0.0.19;8.0.0.18;8.0.0.17;8.0.0.16;8.0.0.15;8.0.0.14;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSSH27\",\"label\":\"Rational ClearCase\"},\"Component\":\"Integrations\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.1.3;9.0.1.2;9.0.1.1;9.0.1;9.0.0.6;9.0.0.5;9.0.0.4;9.0.0.3;9.0.0.2;9.0.0.1;9.0;8.0.1.9;8.0.1.8;8.0.1.7;8.0.1.6;8.0.1.5;8.0.1.4;8.0.1.3;8.0.1.2;8.0.1.17;8.0.1.16;8.0.1.15;8.0.1.14;8.0.1.13;8.0.1.12;8.0.1.11;8.0.1.10;8.0.1.1;8.0.1;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.21;8.0.0.20;8.0.0.2;8.0.0.19;8.0.0.18;8.0.0.17;8.0.0.16;8.0.0.15;8.0.0.14;8.0.0.13;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-09T16:37:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-08-09T16:37:37", "id": "94B3EC63956148268E5D16E07FE76E71DA01EB7625BA7498384CCAD5794DE007", "href": "https://www.ibm.com/support/pages/node/717211", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-01T01:43:00", "description": "## Summary\n\nAn OpenSSL vulnerability was disclosed March 2018 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center), has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-0739_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140847_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n\n\n## Affected Products and Versions\n\n** Affected Product**\n\n| ** Affected Versions** \n---|--- \nIBM Tivoli Storage Productivity Center| 5.2.0 - 5.2.7.1 \nIBM Spectrum Control| 5.2.8 - 5.2.16 \n \nThe versions listed above apply to all licensed offerings of IBM Spectrum Control. \n \n\n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable_._\n\nStarting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control. \n\n\n** Release**| **First Fixing VRM Level**| **Link to Fix/Fix Availability Target** \n---|---|--- \n5.2.x| 5.2.17| [_http://www.ibm.com/support/docview.wss?uid=swg21320822_](<http://www.ibm.com/support/docview.wss?uid=swg21320822>) \n \n**Note:** It is always recommended to have a current backup before applying any update procedure. \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 May 2018 - Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS5R93\",\"label\":\"IBM Spectrum Control\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.2.8;5.2.9;5.2.10;5.2.11;5.2.12;5.2.13;5.2.14;5.2.15;5.2.16\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}},{\"Product\":{\"code\":\"SS5R93\",\"label\":\"IBM Spectrum Control\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.2;5.2.1;5.2.2;5.2.3;5.2.4;5.2.5;5.2.6;5.2.7\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-22T19:50:07", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity is affected by an OpenSSL vulnerabilitiy (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2022-02-22T19:50:07", "id": "1AE3C39E2B04171FD23F21949F6202B367042F6DC07FB81BDC1E886F25C20936", "href": "https://www.ibm.com/support/pages/node/569713", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:15:22", "description": "## Summary\n\nA security vulnerability has been disclosed on 27th March 2018 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \nDESCRIPTION: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Express for UNIX 1.5.0.15\n\nAll versions prior to 1.5.0.15 iFix 150-1509\n\n## Remediation/Fixes\n\n**VRMF** | **APAR** | **Remediation/First fix** \n---|---|--- \n1.5.0.1509 | TBD | Apply 1.5.0.15 iFix 150-1509, available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+UNIX&release=All&platform=All&function=all>). \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n4 October 2018: Original Document Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSG2L6\",\"label\":\"IBM Sterling Connect:Express for UNIX\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-02-05T01:07:49", "type": "ibm", "title": "Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-02-05T01:07:49", "id": "40E849000289F14BA4EAA8A0BFBD0324AC59A18BA17D9C7411EF7F2C82E2F403", "href": "https://www.ibm.com/support/pages/node/733891", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-01T22:11:06", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 27, 2018 by the OpenSSL Project. OpenSSL is used by Sterling Connect:Direct for HP NonStop. Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-0739_](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**Description:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: \n[_https://exchange.xforce.ibmcloud.com/vulnerabilities/140847_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Direct for HP NonStop 3.6.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information about the available fixes. \n \n\n\n**VRMF**| **APAR**| **Remediation/First Fix** \n---|---|--- \n3.6.0| N/A| Apply 3.6.0.2, iFix 010, available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+Connect%3ADirect+for+HP+NonStop&release=3.6.0.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n## Important Note\n\nIBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [System z Security web site](<http://www.ibm.com/systems/z/solutions/security_subintegrity.html>). Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SSRSCS\",\"label\":\"IBM Sterling Connect:Direct for HP NonStop\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"3.6\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-07-24T22:19:08", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL Affect Sterling Connect:Direct for HP NonStop (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-07-24T22:19:08", "id": "1F0E769E02EDA03664C1D0694AF70B26BFB7E4DBC4D96E353B0F8FCBDA767545", "href": "https://www.ibm.com/support/pages/node/711889", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:14:06", "description": "## Summary\n\nIBM Aspera On Demand products have addressed the following OpenSSL vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAspera Faspex on Demand| 3.7.4 \nAspera Shares on Demand| 3.7.4 \nAspera Server on Demand| 3.7.4 \nAspera Platform On Demand| 3.7.4 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s) \n---|--- \nAspera Faspex on Demand| 3.9.6 \nAspera Shares on Demand| 3.9.6 \nAspera Server on Demand| 3.9.6 \nAspera Platform On Demand| 3.9.6 \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n08 May 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS8NDZ\",\"label\":\"IBM Aspera\"},\"Component\":\"On Demand\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.9.6\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-20T02:06:00", "type": "ibm", "title": "Security Bulletin: IBM Aspera On Demand products are affected by OpenSSL Vulnerability (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2020-05-20T02:06:00", "id": "FD98647DA723C33CDEC38C52B57AE83B49EBDE217212120E05428E998223B712", "href": "https://www.ibm.com/support/pages/node/6212076", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T03:28:15", "description": "## Summary\n\nWebSphere DataPower Appliances has addressed the following vulnerability: \nCVE-2018-0739 \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION: ** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected WebSphere DataPower Appliances | Affected Versions \n---|--- \nIBM DataPower Gateway | 7.1.0.0 - 7.1.0.23 \nIBM DataPower Gateway | 7.2.0.0 - 7.1.0.22 \nIBM DataPower Gateway | 7.5.0.0 - 7.5.0.16 \nIBM DataPower Gateway | 7.5.1.0 - 7.5.1.15 \nIBM DataPower Gateway | 7.6.0.0 - 7.6.0.8 \nIBM DataPower Gateway | 7.5.2.0 - 7.5.2.15 \nIBM DataPower Gateway CD | 7.7.0.0 - 7.7.1.1 \n \n## Remediation/Fixes\n\nProduct | VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM DataPower Gateway | 7.1.0.24 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \nIBM DataPower Gateway | 7.2.0.22 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \nIBM DataPower Gateway | 7.5.0.17 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \nIBM DataPower Gateway | 7.5.1.16 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \nIBM DataPower Gateway | 7.5.2.16 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \nIBM DataPower Gateway | 7.6.0.9 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \nIBM DataPower Gateway CD | 7.7.1.2 | IT25962 | [APAR IT25962](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25962>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 August 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-09-07T14:46:31", "type": "ibm", "title": "Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0739)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0739"], "modified": "2018-09-07T14:46:31", "id": "C493462547813E2D896F759039078514A13F0934C26044CBC7F658187CF3E4C0", "href": "https://www.ibm.com/support/pages/node/726053", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:08:34", "description": "## Summary\n\nThere is a vulnerability in OpenSSL used by AIX.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-0739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. \n**CVSS Base Score: **5.3 \n**CVSS Temporal Score: **See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/140847_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140847>) for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAIX 5.3, 6.1, 7.1, 7.2 \nVIOS 2.2.x \n \nThe following fileset levels are vulnerable: \n \n`Fileset Lower Level Upper Level KEY` \n`------------------------------------------------------` \n`openssl.base 1.0.2.500 1.0.2.1300 key_w_fs` \n`openssl.base 20.13.102.1000 20.13.102.1300 key_w_fs` \n \n \nNote: \nA. 0.9.8, 1.0.1 OpenSSL versions are out-of-support. Customers are advised to upgrade to currently supported OpenSSL 1.0.2 version. \n \nB. Latest level of OpenSSL fileset is available from the web download site: \n[_https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8_](<https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8>) \n \nTo find out whether the affected filesets are installed on your systems, refer to the lslpp command found in the AIX user's guide. \n \nExample: `lslpp -L | grep -i openssl.base`\n\n## Remediation/Fixes\n\n**A. FIXES** \n \nThe fixes can be downloaded via ftp or http from: \n \n[_ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix26.tar_](<ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix26.tar>) \n[_http://aix.software.ibm.com/aix/efixes/security/openssl_fix26.tar_](<http://aix.software.ibm.com/aix/efixes/security/openssl_fix26.tar>) \n[_https://aix.software.ibm.com/aix/efixes/security/openssl_fix26.tar_](<https://aix.software.ibm.com/aix/efixes/security/openssl_fix26.tar>) \n \nThe links above are to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels. \n \nNote that the tar file contains Interim fixes that are based on OpenSSL version, and AIX OpenSSL fixes are cumulative. You must be on the 'prereq for installation' level before applying the interim fix. This may require installing a new level(prereq version) first. \n \n`AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY` \n`--------------------------------------------------------------------------------------------` \n`5.3, 6.1, 7.1, 7.2 102ma_ifix.180410.epkg.Z openssl.base(1.0.2.1300) key_w_fix` \n`5.3, 6.1, 7.1, 7.2 fips_102ma.180410.epkg.Z openssl.base(20.13.102.1300) key_w_fix` \n \n`VIOS Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY` \n` --------------------------------------------------------------------------------------------` \n`2.2.* 102ma_ifix.180410.epkg.Z openssl.base(1.0.2.1300) key_w_fix` \n`2.2.* fips_102ma.180410.epkg.Z openssl.base(20.13.102.1300) key_w_fix` \n \n \nTo extract the fixes from the tar file: \n \n`tar xvf openssl_fix26.tar` \n`cd openssl_fix26` \n \nVerify you have retrieved the fixes intact: \n \nThe checksums below were generated using the \"`openssl dgst -sha256 file`\" command as the following: \n \n`openssl dgst -sha256 filename KEY` \n`-----------------------------------------------------