Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2020-1199). The remote host is missing an update for the webkitgtk4 package that addresses an address bar spoofing vulnerability.
Reporter | Title | Published | Views | Family All 91 |
---|---|---|---|---|
RedhatCVE | CVE-2019-6251 | 13 May 2019 11:49 | – | redhatcve |
OpenVAS | Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2019-2197) | 23 Jan 2020 00:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for webkitgtk3 (EulerOS-SA-2019-2196) | 23 Jan 2020 00:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for webkitgtk3 (EulerOS-SA-2021-1371) | 22 Feb 2021 00:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for webkitgtk3 (EulerOS-SA-2021-1130) | 19 Jan 2021 00:00 | – | openvas |
OpenVAS | Fedora Update for webkit2gtk3 FEDORA-2019-b3ad0a302b | 7 May 2019 00:00 | – | openvas |
OpenVAS | Fedora Update for webkit2gtk3 FEDORA-2019-432b3dff25 | 25 Apr 2019 00:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3948-1) | 17 Apr 2019 00:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1391-1) | 14 May 2019 00:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2019:1155-1) | 19 Apr 2021 00:00 | – | openvas |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Metadata section. When `description` is set, the script only registers its
# identifiers, severity data and preconditions, then exits; the package
# comparison further down is not reached in this mode.
if(description)
{
  # --- Identity -----------------------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.1.2.2020.1199");
  script_cve_id("CVE-2019-6251");
  script_tag(name:"creation_date", value:"2020-03-13 07:13:52 +0000 (Fri, 13 Mar 2020)");
  script_version("2024-02-05T14:36:56+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");

  # --- Severity -----------------------------------------------------------
  # Two scoring systems are recorded side by side: a CVSS v2 base score with
  # its vector, and a CVSS v3.0 vector that severity_origin attributes to NVD.
  # The v3.0 vector carries UI:R, i.e. user interaction is required.
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-01-24 17:00:59 +0000 (Thu, 24 Jan 2019)");

  # --- Classification -----------------------------------------------------
  script_name("Huawei EulerOS: Security Advisory for webkitgtk4 (EulerOS-SA-2020-1199)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");

  # --- Preconditions ------------------------------------------------------
  # The key names indicate that this is an authenticated check: it needs an
  # SSH login to an EulerOS host, a collected RPM list, and a release string
  # matching the regex. A host scanned without working SSH credentials is
  # presumably skipped, so "no result" from this script is not evidence that
  # the host is patched.
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRTARM64\-3\.0\.2\.0");

  # --- References ---------------------------------------------------------
  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2020-1199");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2020-1199");

  # --- Report text --------------------------------------------------------
  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'webkitgtk4' package(s) announced via the EulerOS-SA-2020-1199 advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  # The insight quotes the upstream fixed version (2.24.1). The isrpmvuln()
  # calls later in this file compare against the distribution build
  # 2.16.6-6.h7 instead, so the upstream number must not be used to judge
  # whether an EulerOS host is patched.
  script_tag(name:"insight", value:"WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251)");
  script_tag(name:"affected", value:"'webkitgtk4' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  # qod_type "package": the finding rests on a package version comparison
  # (see vuldetect above), not on observing the vulnerable behaviour.
  script_tag(name:"qod_type", value:"package");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection section: compare the installed webkitgtk4 RPMs with the builds
# named in the advisory and report every package that is flagged.

# Release string of the target as obtained over SSH; presumably provided by
# pkg-lib-rpm.inc. Nothing can be compared without it.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# Only the exact release named in the advisory is evaluated.
if(release != "EULEROSVIRTARM64-3.0.2.0")
  exit(0);

# Each isrpmvuln() call names a package and the reference build
# (name~version~release). A non-null result is appended to the report;
# presumably it is the text describing the installed vs. fixed build.
res = isrpmvuln(pkg:"webkitgtk4", rpm:"webkitgtk4~2.16.6~6.h7", rls:"EULEROSVIRTARM64-3.0.2.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"webkitgtk4-jsc", rpm:"webkitgtk4-jsc~2.16.6~6.h7", rls:"EULEROSVIRTARM64-3.0.2.0");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"webkitgtk4-plugin-process-gtk2", rpm:"webkitgtk4-plugin-process-gtk2~2.16.6~6.h7", rls:"EULEROSVIRTARM64-3.0.2.0");
if(!isnull(res))
  report += res;

# At least one package was flagged: raise the finding.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# NOTE(review): __pkg_match is not defined in this file; presumably it is set
# by pkg-lib-rpm.inc when one of the queried packages is installed. Exit code
# 99 then separates "installed and not flagged" from "package not present" -
# confirm against the include.
if(__pkg_match)
  exit(99);

exit(0);