The remote host is missing an update for the Huawei EulerOS 'dom4j' package(s) due to a CWE-91: XML Injection vulnerability in Class: Element
Title | Published | Views | Family |
---|---|---|---|
EulerOS 2.0 SP5 : dom4j (EulerOS-SA-2019-1960) | 23 Sep 2019 00:00 | – | nessus |
Ubuntu 16.04 LTS : dom4j vulnerability (USN-4619-1) | 6 Nov 2020 00:00 | – | nessus |
openSUSE Security Update : dom4j (openSUSE-2018-1077) | 1 Oct 2018 00:00 | – | nessus |
openSUSE Security Update : dom4j (openSUSE-2018-1486) | 7 Dec 2018 00:00 | – | nessus |
RHEL 7 : dom4j (Unpatched Vulnerability) | 3 Jun 2024 00:00 | – | nessus |
EulerOS 2.0 SP2 : dom4j (EulerOS-SA-2019-2405) | 10 Dec 2019 00:00 | – | nessus |
Linux Distros Unpatched Vulnerability : CVE-2018-1000632 | 4 Mar 2025 00:00 | – | nessus |
openSUSE Security Update : dom4j (openSUSE-2019-958) | 27 Mar 2019 00:00 | – | nessus |
Debian DLA-1517-1 : dom4j security update | 25 Sep 2018 00:00 | – | nessus |
EulerOS 2.0 SP3 : dom4j (EulerOS-SA-2019-2569) | 19 Dec 2019 00:00 | – | nessus |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
```
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2019.1960");
  script_cve_id("CVE-2018-1000632");
  script_tag(name:"creation_date", value:"2020-01-23 12:28:35 +0000 (Thu, 23 Jan 2020)");
  script_version("2024-02-05T14:36:56+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-07-23 14:19:21 +0000 (Thu, 23 Jul 2020)");

  script_name("Huawei EulerOS: Security Advisory for dom4j (EulerOS-SA-2019-1960)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP5");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2019-1960");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2019-1960");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'dom4j' package(s) announced via the EulerOS-SA-2019-1960 advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
  script_tag(name:"insight", value:"dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. (CVE-2018-1000632)");
  script_tag(name:"affected", value:"'dom4j' package(s) on Huawei EulerOS V2.0SP5.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"dom4j", rpm:"dom4j~1.6.1~20.h1.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);
```