DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2020-2.0-0263", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0263", "description": "An update of {'bindutils', 'apache-tomcat'} packages of Photon OS has been released.\n", "published": "2020-07-18T00:00:00", "modified": "2020-07-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-263", "reporter": "Photon", "references": [], "cvelist": ["CVE-2020-11996", "CVE-2020-8618", "CVE-2020-8619"], "immutableFields": [], "lastseen": "2021-11-03T15:02:51", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-8618", "ALPINE:CVE-2020-8619"]}, {"type": "archlinux", "idList": ["ASA-202006-13", "ASA-202006-16"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONFSERVER-60004", "ATLASSIAN:JRASERVER-71321", "CONFSERVER-60004", "JRASERVER-71321"]}, {"type": "attackerkb", "idList": ["AKB:8AA21692-1900-4944-98AB-BEC257302198"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3387"]}, {"type": "cisa", "idList": ["CISA:6AB408E664DEC2691E5D7872C63AFD97", "CISA:918BA24AFBD99F0ED28F66A3212E3BA6"]}, {"type": "cve", "idList": ["CVE-2020-11996", "CVE-2020-8618", "CVE-2020-8619"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2279-1:771F3", "DEBIAN:DLA-2279-1:AB3FB", "DEBIAN:DSA-4627-1:1B266", "DEBIAN:DSA-4752-1:AAF93", "DEBIAN:DSA-4752-1:F3E48"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-11996", "DEBIANCVE:CVE-2020-8618", "DEBIANCVE:CVE-2020-8619"]}, {"type": "f5", "idList": ["F5:K19240391", "F5:K19807532", "F5:K62210928"]}, {"type": "fedora", "idList": ["FEDORA:2630830CCAB9", "FEDORA:D36A131B8B41"]}, {"type": "freebsd", "idList": ["6A72EFF7-CCD6-11EA-9172-4C72B94353B5", "75D72E03-B137-11EA-8659-901B0EF719AB", "F00D1873-B138-11EA-8659-901B0EF719AB"]}, {"type": "github", "idList": ["GHSA-53HP-JPWQ-2JGQ"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "E958100936EDC2D0333655BFE34E1B7F8D81CEDA480AF07C1DBCD19C65ABC6AD", "F968064DF1D870E093FB1CBB6C9BC42A2AAB61D61095B3E288687BFC31A52BFD"]}, {"type": "kaspersky", "idList": ["KLA11823"]}, {"type": "mageia", "idList": ["MGASA-2020-0331"]}, {"type": "nessus", "idList": ["701331.PASL", "BIND9_9164.NASL", "BIND9_9164_CVE_2020_8619.NASL", "DEBIAN_DLA-2279.NASL", "DEBIAN_DSA-4727.NASL", "DEBIAN_DSA-4752.NASL", "EULEROS_SA-2020-1829.NASL", "EULEROS_SA-2021-1134.NASL", "EULEROS_SA-2021-1242.NASL", "EULEROS_SA-2021-1261.NASL", "EULEROS_SA-2021-1532.NASL", "EULEROS_SA-2021-1725.NASL", "EULEROS_SA-2021-1739.NASL", "F5_BIGIP_SOL19807532.NASL", "FEDORA_2020-54A91444FF.NASL", "FEDORA_2020-5F8DA4B260.NASL", "FREEBSD_PKG_6A72EFF7CCD611EA91724C72B94353B5.NASL", "FREEBSD_PKG_75D72E03B13711EA8659901B0EF719AB.NASL", "FREEBSD_PKG_F00D1873B13811EA8659901B0EF719AB.NASL", "JFROG_ARTIFACTORY_7_7_0.NASL", "NEWSTART_CGSL_NS-SA-2021-0064_BIND.NASL", "OPENSUSE-2020-1051.NASL", "OPENSUSE-2020-1063.NASL", "OPENSUSE-2020-1699.NASL", "OPENSUSE-2020-1701.NASL", "ORACLELINUX_ELSA-2020-4500.NASL", "PHOTONOS_PHSA-2020-1_0-0308_APACHE.NASL", "PHOTONOS_PHSA-2020-1_0-0309_BINDUTILS.NASL", "PHOTONOS_PHSA-2020-2_0-0263_APACHE.NASL", "PHOTONOS_PHSA-2020-2_0-0263_BINDUTILS.NASL", "PHOTONOS_PHSA-2020-3_0-0114_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0115_BINDUTILS.NASL", "REDHAT-RHSA-2020-4500.NASL", "REDHAT-RHSA-2020-5170.NASL", "SLACKWARE_SSA_2020-170-01.NASL", "SUSE_SU-2020-2914-1.NASL", "TOMCAT_10_0_0_M6.NASL", "TOMCAT_8_5_56.NASL", "TOMCAT_9_0_36.NASL", "UBUNTU_USN-4399-1.NASL", "UBUNTU_USN-4596-1.NASL", "WEB_APPLICATION_SCANNING_112559", "WEB_APPLICATION_SCANNING_112560", "WEB_APPLICATION_SCANNING_112561"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310144180", "OPENVAS:1361412562310144181", "OPENVAS:1361412562310704727", "OPENVAS:1361412562310844473", "OPENVAS:1361412562310878002", "OPENVAS:1361412562310878019", "OPENVAS:1361412562310892279"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4500"]}, {"type": "osv", "idList": ["OSV:DLA-2279-1", "OSV:DSA-4727-1", "OSV:DSA-4752-1", "OSV:GHSA-53HP-JPWQ-2JGQ"]}, {"type": "photon", "idList": ["PHSA-2020-0114", "PHSA-2020-0115", "PHSA-2020-0263", "PHSA-2020-0308", "PHSA-2020-0309", "PHSA-2020-1.0-0308", "PHSA-2020-1.0-0309", "PHSA-2020-3.0-0114", "PHSA-2020-3.0-0115"]}, {"type": "redhat", "idList": ["RHSA-2020:4500", "RHSA-2020:5170", "RHSA-2020:5173", "RHSA-2020:5388", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0292", "RHSA-2021:0799", "RHSA-2021:3140"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11996", "RH:CVE-2020-8618", "RH:CVE-2020-8619"]}, {"type": "slackware", "idList": ["SSA-2020-170-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1051-1", "OPENSUSE-SU-2020:1063-1", "OPENSUSE-SU-2020:1699-1", "OPENSUSE-SU-2020:1701-1"]}, {"type": "symantec", "idList": ["SMNTC-17650"]}, {"type": "tomcat", "idList": ["TOMCAT:03526B264C3CCDD4C74F8B8FBF02E5E4", "TOMCAT:664B7FB043CE1DA3FFE3E5FB72DB8E6D", "TOMCAT:CCAD5F704056771CAFA7305B5EB8A87E"]}, {"type": "ubuntu", "idList": ["USN-4399-1", "USN-4596-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11996", "UB:CVE-2020-8618", "UB:CVE-2020-8619"]}, {"type": "veracode", "idList": ["VERACODE:25773", "VERACODE:26528", "VERACODE:26529"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-8618", "ALPINE:CVE-2020-8619"]}, {"type": "archlinux", "idList": ["ASA-202006-13", "ASA-202006-16"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-71321"]}, {"type": "attackerkb", "idList": ["AKB:8AA21692-1900-4944-98AB-BEC257302198"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3387"]}, {"type": "cisa", "idList": ["CISA:918BA24AFBD99F0ED28F66A3212E3BA6"]}, {"type": "cve", "idList": ["CVE-2020-8618", "CVE-2020-8619"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2279-1:771F3", "DEBIAN:DSA-4627-1:1B266"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-8618", "DEBIANCVE:CVE-2020-8619"]}, {"type": "f5", "idList": ["F5:K19240391", "F5:K19807532", "F5:K62210928"]}, {"type": "fedora", "idList": ["FEDORA:2630830CCAB9", "FEDORA:D36A131B8B41"]}, {"type": "freebsd", "idList": ["6A72EFF7-CCD6-11EA-9172-4C72B94353B5", "75D72E03-B137-11EA-8659-901B0EF719AB", "F00D1873-B138-11EA-8659-901B0EF719AB"]}, {"type": "github", "idList": ["GHSA-53HP-JPWQ-2JGQ"]}, {"type": "ibm", "idList": ["C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "F968064DF1D870E093FB1CBB6C9BC42A2AAB61D61095B3E288687BFC31A52BFD"]}, {"type": "kaspersky", "idList": ["KLA11823"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2279.NASL", "EULEROS_SA-2021-1532.NASL", "FREEBSD_PKG_75D72E03B13711EA8659901B0EF719AB.NASL", "FREEBSD_PKG_F00D1873B13811EA8659901B0EF719AB.NASL", "JFROG_ARTIFACTORY_7_7_0.NASL", "NEWSTART_CGSL_NS-SA-2021-0064_BIND.NASL", "ORACLELINUX_ELSA-2020-4500.NASL", "PHOTONOS_PHSA-2020-1_0-0308_APACHE.NASL", "PHOTONOS_PHSA-2020-2_0-0263_APACHE.NASL", "PHOTONOS_PHSA-2020-2_0-0263_BINDUTILS.NASL", "PHOTONOS_PHSA-2020-3_0-0114_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0115_BINDUTILS.NASL", "SLACKWARE_SSA_2020-170-01.NASL", "UBUNTU_USN-4399-1.NASL", "UBUNTU_USN-4596-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844473"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4500"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0308", "PHSA-2020-1.0-0309", "PHSA-2020-3.0-0114", "PHSA-2020-3.0-0115"]}, {"type": "redhat", "idList": ["RHSA-2021:3140"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11996", "RH:CVE-2020-8618", "RH:CVE-2020-8619"]}, {"type": "slackware", "idList": ["SSA-2020-170-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1051-1"]}, {"type": "symantec", "idList": ["SMNTC-17650"]}, {"type": "ubuntu", "idList": ["USN-4399-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11996", "UB:CVE-2020-8618", "UB:CVE-2020-8619"]}]}, "exploitation": null, "vulnersScore": 0.9}, "affectedPackage": [{"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "9.16.4-1.ph2", "packageFilename": "bindutils-9.16.4-1.ph2.x86_64.rpm", "operator": "lt", "packageName": "bindutils"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "noarch", "packageVersion": "8.5.51-3.ph2", "packageFilename": "apache-tomcat-8.5.51-3.ph2.noarch.rpm", "operator": "lt", "packageName": "apache-tomcat"}], "vendorCvss": {"severity": "important"}, "_state": {"dependencies": 1659998956, "score": 1659915622}, "_internal": {"score_hash": "9c16b865b7695856b619eca1899192cf"}}

{"photon": [{"lastseen": "2022-05-12T18:20:14", "description": "Updates of ['bindutils', 'apache-tomcat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0263", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-07-18T00:00:00", "id": "PHSA-2020-0263", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-263", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:49:02", "description": "Updates of ['bindutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-16T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0115", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-07-16T00:00:00", "id": "PHSA-2020-0115", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-115", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T11:57:54", "description": "An update of {'bindutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-16T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-3.0-0115", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-07-16T00:00:00", "id": "PHSA-2020-3.0-0115", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-115", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T11:57:51", "description": "An update of {'net-snmp', 'apache-tomcat'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-16T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-3.0-0114", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20892", "CVE-2020-11996"], "modified": "2020-07-16T00:00:00", "id": "PHSA-2020-3.0-0114", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-114", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:48:02", "description": "Updates of ['apache-tomcat', 'net-snmp'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0114", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20892", "CVE-2020-11996"], "modified": "2020-07-16T00:00:00", "id": "PHSA-2020-0114", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-114", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:00:14", "description": "Updates of ['sqlite-autoconf', 'apache-tomcat', 'net-snmp'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0308", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20892", "CVE-2020-11996", "CVE-2020-15358"], "modified": "2020-07-15T00:00:00", "id": "PHSA-2020-0308", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-308", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T08:48:37", "description": "An update of {'apache-tomcat', 'net-snmp', 'sqlite-autoconf'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-15T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0308", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20892", "CVE-2020-11996", "CVE-2020-15358"], "modified": "2020-07-15T00:00:00", "id": "PHSA-2020-1.0-0308", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-308", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T11:49:05", "description": "An update of {'python3', 'envoy', 'mysql', 'python2', 'bindutils', 'linux-esx', 'linux', 'apache-tomcat'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-25T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0309", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20907", "CVE-2020-12603", "CVE-2020-12604", "CVE-2020-12605", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14305", "CVE-2020-14422", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14576", "CVE-2020-15393", "CVE-2020-15436", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8663"], "modified": "2020-07-25T00:00:00", "id": "PHSA-2020-1.0-0309", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-309", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-12T18:00:24", "description": "Updates of ['envoy', 'python3', 'linux', 'apache-tomcat', 'linux-esx', 'python2', 'mysql', 'bindutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-25T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0309", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20907", "CVE-2020-12603", "CVE-2020-12604", "CVE-2020-12605", "CVE-2020-12888", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14305", "CVE-2020-14422", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14567", "CVE-2020-14576", "CVE-2020-15393", "CVE-2020-15436", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8663"], "modified": "2020-07-25T00:00:00", "id": "PHSA-2020-0309", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-309", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:58", "description": "Arch Linux Security Advisory ASA-202006-13\n==========================================\n\nSeverity: Medium\nDate : 2020-06-28\nCVE-ID : CVE-2020-8618 CVE-2020-8619\nPackage : bind\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1191\n\nSummary\n=======\n\nThe package bind before version 9.16.4-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 9.16.4-1.\n\n# pacman -Syu \"bind>=9.16.4-1\"\n\nThe problems have been fixed upstream in version 9.16.4.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-8618 (denial of service)\n\nAn assertion check in BIND before 9.16.4 (that is meant to prevent\ngoing beyond the end of a buffer when processing incoming data) can be\nincorrectly triggered by a large response during zone transfer. An\nattacker who is permitted to send zone data to a server via zone\ntransfer can exploit this to intentionally trigger the assertion\nfailure with a specially constructed zone, denying service to clients.\n\n- CVE-2020-8619 (denial of service)\n\nAn issue has been found in Bind before 9.16.4, where an asterisk\ncharacter in an empty non-terminal can cause an assertion failure in\nrbtdb.c.\nThe asterisk character (\"*\") is allowed in DNS zone files, where it is\nmost commonly present as a wildcard at a terminal node of the Domain\nName System graph. However, the RFCs do not require and BIND does not\nenforce that an asterisk character be present only at a terminal node.\nA problem can occur when an asterisk is present in an empty non-\nterminal location within the DNS graph. If such a node exists, after a\nseries of queries, named can reach an inconsistent state that results\nin the failure of an assertion check in rbtdb.c, followed by the\nprogram exiting due to the assertion failure.\nUnless a nameserver is providing authoritative service for one or more\nzones and at least one zone contains an empty non-terminal entry\ncontaining an asterisk (\"*\") character, this defect cannot be\nencountered. A would-be attacker who is allowed to change zone content\ncould theoretically introduce such a record in order to exploit this\ncondition to cause denial of service, though we consider the use of\nthis vector unlikely because any such attack would require a\nsignificant privilege level and be easily traceable.\n\nImpact\n======\n\nA remote attacker with enough privileges to update a zone might be able\nto crash a server via a crafted zone transfer or by inserting an\nasterisk at a terminal node of a zone.\n\nReferences\n==========\n\nhttps://downloads.isc.org/isc/bind9/9.16.4/doc/arm/html/notes.html#notes-for-bind-9-16-4\nhttps://kb.isc.org/docs/cve-2020-8618\nhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1850\nhttps://kb.isc.org/docs/cve-2020-8619\nhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1718\nhttps://gitlab.isc.org/isc-projects/bind9/-/commit/569cc155b8680d8ed12db1fabbe20947db24a0f9\nhttps://security.archlinux.org/CVE-2020-8618\nhttps://security.archlinux.org/CVE-2020-8619", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-28T00:00:00", "type": "archlinux", "title": "[ASA-202006-13] bind: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-06-28T00:00:00", "id": "ASA-202006-13", "href": "https://security.archlinux.org/ASA-202006-13", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:33:58", "description": "Arch Linux Security Advisory ASA-202006-16\n==========================================\n\nSeverity: Medium\nDate : 2020-06-28\nCVE-ID : CVE-2020-11996\nPackage : tomcat8\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1197\n\nSummary\n=======\n\nThe package tomcat8 before version 8.5.56-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 8.5.56-1.\n\n# pacman -Syu \"tomcat8>=8.5.56-1\"\n\nThe problem has been fixed upstream in version 8.5.56.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA denial of service has been found in Apache Tomcat before 9.0.36 and\n8.5.56, where a specially crafted sequence of HTTP/2 requests could\ntrigger high CPU usage for several seconds. If a sufficient number of\nsuch requests were made on concurrent HTTP/2 connections, the server\ncould become unresponsive.\n\nImpact\n======\n\nA remote attacker might be able to cause a denial of service via a\nspecially crafted sequence of HTTP/2 requests.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2020/06/25/6\nhttps://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36\nhttps://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56\nhttps://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552\nhttps://security.archlinux.org/CVE-2020-11996", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-28T00:00:00", "type": "archlinux", "title": "[ASA-202006-16] tomcat8: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-06-28T00:00:00", "id": "ASA-202006-16", "href": "https://security.archlinux.org/ASA-202006-16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:21:06", "description": "It was discovered that Bind incorrectly handled large responses during zone \ntransfers. A remote attacker could possibly use this issue to cause Bind to \ncrash, resulting in a denial of service. (CVE-2020-8618)\n\nIt was discovered that Bind incorrectly handled certain asterisk characters \nin zone files. A remote attacker could possibly use this issue to cause \nBind to crash, resulting in a denial of service. (CVE-2020-8619)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "ubuntu", "title": "Bind vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-06-17T00:00:00", "id": "USN-4399-1", "href": "https://ubuntu.com/security/notices/USN-4399-1", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T11:09:13", "description": "It was discovered that Tomcat did not properly manage HTTP/2 streams. An \nattacker could possibly use this to cause Tomcat to consume resources, \nresulting in a denial of service. (CVE-2020-11996)\n\nIt was discovered that Tomcat did not properly release the HTTP/1.1 \nprocessor after the upgrade to HTTP/2. An attacker could possibly use this \nto generate an OutOfMemoryException, resulting in a denial of service. \n(CVE-2020-13934)\n\nIt was discovered that Tomcat did not properly validate the payload length \nin a WebSocket frame. An attacker could possibly use this to trigger an \ninfinite loop, resulting in a denial of service. (CVE-2020-13935)\n\nIt was discovered that Tomcat did not properly deserialize untrusted data. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2020-9484)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-10-21T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13935", "CVE-2020-11996", "CVE-2020-9484", "CVE-2020-13934"], "modified": "2020-10-21T00:00:00", "id": "USN-4596-1", "href": "https://ubuntu.com/security/notices/USN-4596-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-06-30T15:59:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for bind9 (USN-4399-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-06-29T00:00:00", "id": "OPENVAS:1361412562310844473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844473", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844473\");\n script_version(\"2020-06-29T07:17:12+0000\");\n script_cve_id(\"CVE-2020-8618\", \"CVE-2020-8619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-29 07:17:12 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-18 03:00:22 +0000 (Thu, 18 Jun 2020)\");\n script_name(\"Ubuntu: Security Advisory for bind9 (USN-4399-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU20\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4399-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-June/005485.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the USN-4399-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Bind incorrectly handled large responses during zone\ntransfers. A remote attacker could possibly use this issue to cause Bind to\ncrash, resulting in a denial of service. (CVE-2020-8618)\n\nIt was discovered that Bind incorrectly handled certain asterisk characters\nin zone files. A remote attacker could possibly use this issue to cause\nBind to crash, resulting in a denial of service. (CVE-2020-8619)\");\n\n script_tag(name:\"affected\", value:\"'bind9' package(s) on Ubuntu 20.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU20.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.16.1-0ubuntu2.2\", rls:\"UBUNTU20.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T20:05:08", "description": "Apache Tomcat is prone to a denial of service vulnerability.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "openvas", "title": "Apache Tomcat DoS Vulnerability - June20 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-08T00:00:00", "id": "OPENVAS:1361412562310144181", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310144181", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.144181\");\n script_version(\"2020-07-08T07:05:43+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-08 07:05:43 +0000 (Wed, 08 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-29 09:06:19 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2020-11996\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Tomcat DoS Vulnerability - June20 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"insight\", value:\"A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could\n trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent\n HTTP/2 connections, the server could become unresponsive.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and\n 10.0.0-M1 to 10.0.0-M5.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.5.56, 9.0.36, 10.0.0-M6 or later.\");\n\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"8.5.0\", test_version2: \"8.5.55\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.56\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"9.0.0.M1\") >= 0) && (revcomp(a: version, b: \"9.0.35\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.0.36\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"10.0.0.M1\") >= 0) && (revcomp(a: version, b: \"10.0.0.M5\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.0.0-M6\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T20:05:08", "description": "Apache Tomcat is prone to a denial of service vulnerability.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "openvas", "title": "Apache Tomcat DoS Vulnerability - June20 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-08T00:00:00", "id": "OPENVAS:1361412562310144180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310144180", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.144180\");\n script_version(\"2020-07-08T07:05:43+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-08 07:05:43 +0000 (Wed, 08 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-29 08:59:09 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2020-11996\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Tomcat DoS Vulnerability - June20 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"insight\", value:\"A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could\n trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent\n HTTP/2 connections, the server could become unresponsive.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 8.5.0 to 8.5.55, 9.0.0.M1 to 9.0.35 and\n 10.0.0-M1 to 10.0.0-M5.\");\n\n script_tag(name:\"solution\", value:\"Update to version 8.5.56, 9.0.36, 10.0.0-M6 or later.\");\n\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"8.5.0\", test_version2: \"8.5.55\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.56\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"9.0.0.M1\") >= 0) && (revcomp(a: version, b: \"9.0.35\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.0.36\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"10.0.0.M1\") >= 0) && (revcomp(a: version, b: \"10.0.0.M5\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.0.0-M6\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T19:49:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-02T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for bind (FEDORA-2020-5f8da4b260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-07-06T00:00:00", "id": "OPENVAS:1361412562310878019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878019", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878019\");\n script_version(\"2020-07-06T06:27:18+0000\");\n script_cve_id(\"CVE-2020-8619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-06 06:27:18 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 03:43:08 +0000 (Thu, 02 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for bind (FEDORA-2020-5f8da4b260)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-5f8da4b260\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIOXMJX4N3LBKC65OXNBE52W4GAS7QEX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the FEDORA-2020-5f8da4b260 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating properly.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.20~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T19:50:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-24T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for bind (FEDORA-2020-54a91444ff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-07-01T00:00:00", "id": "OPENVAS:1361412562310878002", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878002", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878002\");\n script_version(\"2020-07-01T12:09:32+0000\");\n script_cve_id(\"CVE-2020-8619\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-01 12:09:32 +0000 (Wed, 01 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-24 03:05:52 +0000 (Wed, 24 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for bind (FEDORA-2020-54a91444ff)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-54a91444ff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNFTTYJ5JJJJ6QG3AHXJGDIIEYMDFWFW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the FEDORA-2020-54a91444ff advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating properly.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.20~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T20:05:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat8 (DLA-2279-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2020-11996"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310892279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892279", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892279\");\n script_version(\"2020-07-17T12:33:41+0000\");\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 12:33:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-17 12:33:41 +0000 (Fri, 17 Jul 2020)\");\n script_name(\"Debian LTS: Security Advisory for tomcat8 (DLA-2279-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2279-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/961209\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the DLA-2279-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2020-9484\n\nWhen using Apache Tomcat and an attacker is able to control the\ncontents and name of a file on the server, and b) the server is\nconfigured to use the PersistenceManager with a FileStore, and c)\nthe PersistenceManager is configured with\nsessionAttributeValueClassNameFilter='null' (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized, and d) the attacker\nknows the relative file path from the storage location used by\nFileStore to the file the attacker has control over, then, using a\nspecifically crafted request, the attacker will be able to trigger\nremote code execution via deserialization of the file under their\ncontrol. Note that all of conditions a) to d) must be true for the\nattack to succeed.\n\nCVE-2020-11996\n\nA specially crafted sequence of HTTP/2 requests sent to Apache\nTomcat could trigger high CPU usage for several seconds. If a\nsufficient number of such requests were made on concurrent HTTP/2\nconnections, the server could become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"'tomcat8' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 9 stretch, these problems have been fixed in version\n8.5.54-0+deb9u2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T20:07:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-19T00:00:00", "type": "openvas", "title": "Debian: Security Advisory for tomcat9 (DSA-4727-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2020-11996", "CVE-2020-13934"], "modified": "2020-07-19T00:00:00", "id": "OPENVAS:1361412562310704727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704727", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704727\");\n script_version(\"2020-07-19T03:00:13+0000\");\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-13934\", \"CVE-2020-13935\", \"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-19 03:00:13 +0000 (Sun, 19 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-19 03:00:13 +0000 (Sun, 19 Jul 2020)\");\n script_name(\"Debian: Security Advisory for tomcat9 (DSA-4727-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4727.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4727-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat9'\n package(s) announced via the DSA-4727-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Tomcat servlet and JSP\nengine, which could result in code execution or denial of service.\");\n\n script_tag(name:\"affected\", value:\"'tomcat9' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u2.\n\nWe recommend that you upgrade your tomcat9 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat9-embed-java\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat9-java\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-admin\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-common\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-docs\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-examples\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-user\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cisa": [{"lastseen": "2021-02-24T18:06:44", "description": "The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for [CVE-2020-8618](<https://kb.isc.org/docs/cve-2020-8618>) and [CVE-2020-8619](<https://kb.isc.org/docs/cve-2020-8619>) for more information and to apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/06/18/isc-releases-security-advisories-bind>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T00:00:00", "type": "cisa", "title": "ISC Releases Security Advisories for BIND", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-06-18T00:00:00", "id": "CISA:6AB408E664DEC2691E5D7872C63AFD97", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/06/18/isc-releases-security-advisories-bind", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-02-24T18:06:39", "description": "The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for [CVE-2020-11996](<http://mail-archives.us.apache.org/mod_mbox/www-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E>) and upgrade to the appropriate version.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/06/26/apache-releases-security-advisory-apache-tomcat>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-26T00:00:00", "type": "cisa", "title": "Apache Releases Security Advisory for Apache Tomcat", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-06-29T00:00:00", "id": "CISA:918BA24AFBD99F0ED28F66A3212E3BA6", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/06/26/apache-releases-security-advisory-apache-tomcat", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2022-06-16T15:39:06", "description": "An update of the bindutils package has been released.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-29T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Bindutils PHSA-2020-1.0-0309", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-07-29T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bindutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0309_BINDUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/139047", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0309. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139047);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/29\");\n\n script_cve_id(\"CVE-2020-8618\", \"CVE-2020-8619\");\n\n script_name(english:\"Photon OS 1.0: Bindutils PHSA-2020-1.0-0309\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bindutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-309.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bindutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"bindutils-9.16.4-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bindutils\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:39:33", "description": "An update of the bindutils package has been released.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Bindutils PHSA-2020-2.0-0263", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bindutils", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0263_BINDUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/138815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0263. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138815);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-8618\", \"CVE-2020-8619\");\n\n script_name(english:\"Photon OS 2.0: Bindutils PHSA-2020-2.0-0263\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bindutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-263.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bindutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"bindutils-9.16.4-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bindutils\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:37:47", "description": "An update of the bindutils package has been released.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Bindutils PHSA-2020-3.0-0115", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bindutils", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0115_BINDUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/138817", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0115. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138817);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-8618\", \"CVE-2020-8619\");\n\n script_name(english:\"Photon OS 3.0: Bindutils PHSA-2020-3.0-0115\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bindutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-115.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bindutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"bindutils-9.16.4-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bindutils\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:35:44", "description": "It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8618) It was discovered that Bind incorrectly handled certain asterisk characters in zone files. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.\n(CVE-2020-8619).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 : Bind vulnerabilities (USN-4399-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618", "CVE-2020-8619"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bind9", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4399-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4399-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137625);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2020-8618\", \"CVE-2020-8619\");\n script_xref(name:\"USN\", value:\"4399-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"Ubuntu 20.04 : Bind vulnerabilities (USN-4399-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Bind incorrectly handled large responses during\nzone transfers. A remote attacker could possibly use this issue to\ncause Bind to crash, resulting in a denial of service. (CVE-2020-8618)\nIt was discovered that Bind incorrectly handled certain asterisk\ncharacters in zone files. A remote attacker could possibly use this\nissue to cause Bind to crash, resulting in a denial of service.\n(CVE-2020-8619).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4399-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind9 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"20.04\", pkgname:\"bind9\", pkgver:\"1:9.16.1-0ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-23T15:10:27", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5170 advisory.\n\n - tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-11-23T00:00:00", "type": "nessus", "title": "RHEL 6 : Red Hat JBoss Web Server 5.4 security release (Moderate) (RHSA-2020:5170)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster", "p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster-tomcat", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-el-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-selinux", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-servlet-4.0-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-webapps"], "id": "REDHAT-RHSA-2020-5170.NASL", "href": "https://www.tenable.com/plugins/nessus/143199", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5170. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143199);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-11996\");\n script_xref(name:\"RHSA\", value:\"2020:5170\");\n script_xref(name:\"IAVA\", value:\"2020-A-0292-S\");\n\n script_name(english:\"RHEL 6 : Red Hat JBoss Web Server 5.4 security release (Moderate) (RHSA-2020:5170)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:5170 advisory.\n\n - tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1851420\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-mod_cluster-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-webapps\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'jboss_enterprise_web_server_5_4_el6': [\n 'jws-5-for-rhel-6-server-debug-rpms',\n 'jws-5-for-rhel-6-server-rpms',\n 'jws-5-for-rhel-6-server-source-rpms'\n ],\n 'jboss_enterprise_web_server_5_4_el8': [\n 'jws-5-for-rhel-8-x86_64-debug-rpms',\n 'jws-5-for-rhel-8-x86_64-rpms',\n 'jws-5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jws5-jboss-logging-3.4.1-1.Final_redhat_00001.1.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-mod_cluster-1.4.2-7.Final_redhat_00002.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-mod_cluster-tomcat-1.4.2-7.Final_redhat_00002.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-admin-webapps-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-docs-webapp-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-el-3.0-api-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-javadoc-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-jsp-2.3-api-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-lib-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-native-1.2.25-2.redhat_2.el6jws', 'cpu':'i686', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-native-1.2.25-2.redhat_2.el6jws', 'cpu':'x86_64', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-selinux-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-servlet-4.0-api-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-webapps-9.0.36-6.redhat_5.2.el6jws', 'release':'6', 'el_string':'el6jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el6', 'jboss_enterprise_web_server_5_4_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jws5-jboss-logging / jws5-mod_cluster / jws5-mod_cluster-tomcat / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-14T16:24:50", "description": "The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 or 8.5.0 to 8.5.55. It is, therefore, affected by a denial of service via HTTP/2 requests.\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.56 Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112561", "href": "https://www.tenable.com/plugins/was/112561", "sourceData": "No source data", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-14T16:24:50", "description": "The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 or 8.5.0 to 8.5.55. It is, therefore, affected by a denial of service via HTTP/2 requests.\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.0.M1 < 9.0.36 Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112560", "href": "https://www.tenable.com/plugins/was/112560", "sourceData": "No source data", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-14T16:24:50", "description": "The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 or 8.5.0 to 8.5.55. It is, therefore, affected by a denial of service via HTTP/2 requests.\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-08-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.0.0-M1 < 10.0.0-M6 Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112559", "href": "https://www.tenable.com/plugins/was/112559", "sourceData": "No source data", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-19T14:57:42", "description": "An update of the apache package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Apache PHSA-2020-1.0-0308", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0308_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/138516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0308. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138516);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2020-11996\");\n script_xref(name:\"IAVA\", value:\"2020-A-0292-S\");\n\n script_name(english:\"Photon OS 1.0: Apache PHSA-2020-1.0-0308\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-308.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"apache-tomcat-8.5.51-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-19T14:58:38", "description": "An update of the apache package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Apache PHSA-2020-3.0-0114", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0114_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/138812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0114. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138812);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-11996\");\n\n script_name(english:\"Photon OS 3.0: Apache PHSA-2020-3.0-0114\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-114.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"apache-tomcat-8.5.51-3.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:03:16", "description": "The version of Apache Tomcat installed on the remote host is < 10.0.0-M6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.0-m6_security-10 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Apache Tomcat < 10.0.0-M6 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2021-04-14T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "701331.PASL", "href": "https://www.tenable.com/plugins/nnm/701331", "sourceData": "Binary data 701331.pasl", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-16T15:23:43", "description": "The version of Tomcat installed on the remote host is prior to 8.5.56. It is, therefore, affected by a denial of service vulnerability as referenced in the fixed_in_apache_tomcat_8.5.56_security-8 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-03T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.0 < 8.5.56 DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_56.NASL", "href": "https://www.tenable.com/plugins/nessus/138097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138097);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-11996\");\n script_xref(name:\"IAVA\", value:\"2020-A-0292-S\");\n\n script_name(english:\"Apache Tomcat 8.5.0 < 8.5.56 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 8.5.56. It is, therefore, affected by a denial of\nservice vulnerability as referenced in the fixed_in_apache_tomcat_8.5.56_security-8 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a501720\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ff2bf8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.56 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '8.5.56', min:'8.5.0', severity:SECURITY_WARNING, granularity_regex: \"^8(\\.5)?$\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T15:22:53", "description": "The version of Tomcat installed on the remote host is prior to 9.0.36. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.36_security-9 advisory.\n\n - A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-03T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.0.M1 < 9.0.36 DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_36.NASL", "href": "https://www.tenable.com/plugins/nessus/138098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138098);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-11996\");\n script_xref(name:\"IAVA\", value:\"2020-A-0292-S\");\n\n script_name(english:\"Apache Tomcat 9.0.0.M1 < 9.0.36 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 9.0.36. It is, therefore, affected by a vulnerability as\nreferenced in the fixed_in_apache_tomcat_9.0.36_security-9 advisory.\n\n - A specially crafted sequence of HTTP/2 requests could\n trigger high CPU usage for several seconds. If a\n sufficient number of such requests were made on\n concurrent HTTP/2 connections, the server could become\n unresponsive. (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e98498cd\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45bd805e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 9.0.36 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '9.0.36', min:'9.0.0.M1', severity:SECURITY_WARNING, granularity_regex: \"^9(\\.0)?$\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T15:20:18", "description": "This update for tomcat fixes the following issues :\n\nTomcat was updated to 9.0.36 See changelog at\n\n - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2020-1051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1051.NASL", "href": "https://www.tenable.com/plugins/nessus/138983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1051.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138983);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2020-11996\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2020-1051)\");\n script_summary(english:\"Check for the openSUSE-2020-1051 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tomcat fixes the following issues :\n\nTomcat was updated to 9.0.36 See changelog at\n\n - CVE-2020-11996: Fixed an issue which by sending a\n specially crafted sequence of HTTP/2 requests could have\n triggered high CPU usage for several seconds making\n potentially the server unresponsive (bsc#1173389).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173389\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-admin-webapps-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-docs-webapp-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-el-3_0-api-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-embed-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-javadoc-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsp-2_3-api-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsvc-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-lib-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-servlet-4_0-api-9.0.36-lp151.3.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-webapps-9.0.36-lp151.3.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T15:21:01", "description": "This update for tomcat fixes the following issues: &#9; Tomcat was updated to 9.0.36 See changelog at\n\n - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2020-1063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1063.NASL", "href": "https://www.tenable.com/plugins/nessus/138987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1063.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138987);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2020-11996\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2020-1063)\");\n script_summary(english:\"Check for the openSUSE-2020-1063 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tomcat fixes the following issues: &#9; Tomcat was\nupdated to 9.0.36 See changelog at\n\n - CVE-2020-11996: Fixed an issue which by sending a\n specially crafted sequence of HTTP/2 requests could have\n triggered high CPU usage for several seconds making\n potentially the server unresponsive (bsc#1173389).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173389\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-admin-webapps-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-docs-webapp-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-el-3_0-api-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-embed-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-javadoc-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-jsp-2_3-api-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-jsvc-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-lib-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-servlet-4_0-api-9.0.36-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-webapps-9.0.36-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T15:21:03", "description": "An update of the apache package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Apache PHSA-2020-2.0-0263", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0263_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/138814", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0263. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138814);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-11996\");\n\n script_name(english:\"Photon OS 2.0: Apache PHSA-2020-2.0-0263\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-263.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"apache-tomcat-8.5.51-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T17:22:55", "description": "The version of Tomcat installed on the remote host is prior to 10.0.0.M6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.0-m6_security-10 advisory.\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-21T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.0.0.M1 < 10.0.0.M6 vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_10_0_0_M6.NASL", "href": "https://www.tenable.com/plugins/nessus/150938", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150938);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-11996\");\n script_xref(name:\"IAVA\", value:\"2020-A-0292-S\");\n\n script_name(english:\"Apache Tomcat 10.0.0.M1 < 10.0.0.M6 vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 10.0.0.M6. It is, therefore, affected by a vulnerability\nas referenced in the fixed_in_apache_tomcat_10.0.0-m6_security-10 advisory.\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to\n 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of\n such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/9434a44d3449d620b1be70206819f8275b4a7509\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1261b2b\");\n # https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d35c3740\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 10.0.0.M6 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '10.0.0.M6', min:'10.0.0.M1', severity:SECURITY_WARNING, granularity_regex: \"^(10(\\.0(\\.0)?)?)$\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:14:21", "description": "ISC reports :\n\nAn assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "FreeBSD : BIND -- Remote Denial of Service vulnerability (75d72e03-b137-11ea-8659-901b0ef719ab)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618"], "modified": "2020-08-28T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:bind916", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_75D72E03B13711EA8659901B0EF719AB.NASL", "href": "https://www.tenable.com/plugins/nessus/137690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137690);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8618\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"FreeBSD : BIND -- Remote Denial of Service vulnerability (75d72e03-b137-11ea-8659-901b0ef719ab)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"ISC reports :\n\nAn assertion check in BIND (that is meant to prevent going beyond the\nend of a buffer when processing incoming data) can be incorrectly\ntriggered by a large response during zone transfer.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/cve-2020-8618\");\n # https://vuxml.freebsd.org/freebsd/75d72e03-b137-11ea-8659-901b0ef719ab.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?805adf82\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8618\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind916\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind916>=9.16.0<9.16.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:14:20", "description": "The version of ISC BIND installed on the remote host is prior to 9.16.4. It is, therefore, affected by a denial of service (DoS) vulnerability in its zone transfer functionality due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this issue, to cause a DoS condition on the service.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-26T00:00:00", "type": "nessus", "title": "ISC BIND 9.16.x < 9.16.4 DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8618"], "modified": "2020-08-28T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND9_9164.NASL", "href": "https://www.tenable.com/plugins/nessus/137838", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137838);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8618\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"ISC BIND 9.16.x < 9.16.4 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote name server is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ISC BIND installed on the remote host is prior to 9.16.4. It is, therefore, affected by a denial of \n service (DoS) vulnerability in its zone transfer functionality due to insufficient validation of user-supplied input. \n An authenticated, remote attacker can exploit this issue, to cause a DoS condition on the service.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/cve-2020-8618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.isc.org/download/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.isc.org/pgpkey/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.isc.org/reportbug/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ISC BIND version 9.16.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8618\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bind_version.nasl\");\n script_require_keys(\"bind/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::bind::initialize();\n\napp_info = vcf::get_app_info(\n app:'BIND',\n port:53,\n kb_ver:'bind/version',\n service:TRUE,\n proto:'UDP'\n);\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [{ 'min_version' : '9.16.0', 'fixed_version' : '9.16.4' }];\nconstraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version);\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:41:18", "description": "The asterisk character ('*') is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node.\n\nA problem can occur when an asterisk is present in an empty non-terminal location within the DNS graph. If such a node exists, after a series of queries, named can reach an inconsistent state that results in the failure of an assertion check in rbtdb.c, followed by the program exiting due to the assertion failure. (CVE-2020-8619)\n\nImpact\n\nYou encounter this defect when you have both of the following conditions :\n\nA nameserver provides authoritative service for one or more zones.\n\nAt least one zone contains an empty non-terminal entry containing an asterisk character.\n\nA would-be attacker who is allowed to change zone content could, theoretically, introduce such a record in order to exploit this condition to cause denial-of-service (DoS);however, the use of this vector is unlikely because any such attack requires a significant privilege-level and iseasily traceable.\n\nBIND versions from 9.11.14 through 9.11.19 are impacted.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-08-20T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : BIND vulnerability (K19807532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2021-04-07T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL19807532.NASL", "href": "https://www.tenable.com/plugins/nessus/139704", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K19807532.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139704);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\"CVE-2020-8619\");\n\n script_name(english:\"F5 Networks BIG-IP : BIND vulnerability (K19807532)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The asterisk character ('*') is allowed in DNS zone files, where it is\nmost commonly present as a wildcard at a terminal node of the Domain\nName System graph. However, the RFCs do not require and BIND does not\nenforce that an asterisk character be present only at a terminal node.\n\nA problem can occur when an asterisk is present in an empty\nnon-terminal location within the DNS graph. If such a node exists,\nafter a series of queries, named can reach an inconsistent state that\nresults in the failure of an assertion check in rbtdb.c, followed by\nthe program exiting due to the assertion failure. (CVE-2020-8619)\n\nImpact\n\nYou encounter this defect when you have both of the following\nconditions :\n\nA nameserver provides authoritative service for one or more zones.\n\nAt least one zone contains an empty non-terminal entry containing an\nasterisk character.\n\nA would-be attacker who is allowed to change zone content could,\ntheoretically, introduce such a record in order to exploit this\ncondition to cause denial-of-service (DoS);however, the use of this\nvector is unlikely because any such attack requires a significant\nprivilege-level and iseasily traceable.\n\nBIND versions from 9.11.14 through 9.11.19 are impacted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K19807532\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K19807532.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K19807532\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"16.0.0\",\"15.1.0\",\"15.0.0-15.0.1\",\"14.1.0-14.1.2\",\"13.1.0-13.1.3\",\"12.1.0-12.1.5\",\"11.6.1-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"16.0.1\",\"14.1.2.7\",\"13.1.3.5\",\"12.1.6\",\"11.6.5.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:36:57", "description": "Update to last release, including security fix. Upstream [Release notes](https://downloads.isc.org/isc/bind9/9.11.20/doc/arm/Bv9ARM.html )\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-24T00:00:00", "type": "nessus", "title": "Fedora 32 : 32:bind (2020-54a91444ff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-08-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:32:bind", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-54A91444FF.NASL", "href": "https://www.tenable.com/plugins/nessus/137765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-54a91444ff.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137765);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8619\");\n script_xref(name:\"FEDORA\", value:\"2020-54a91444ff\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"Fedora 32 : 32:bind (2020-54a91444ff)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to last release, including security fix. Upstream [Release\nnotes](https://downloads.isc.org/isc/bind9/9.11.20/doc/arm/Bv9ARM.html\n)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-54a91444ff\");\n script_set_attribute(attribute:\"see_also\", value:\"https://downloads.isc.org/isc/bind9/9.11.20/doc/arm/Bv9ARM.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 32:bind package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"bind-9.11.20-1.fc32\", epoch:\"32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"32:bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:37:18", "description": "The version of ISC BIND installed on the remote host is affected by a denial of service (DoS) vulnerability in rbtdb.c due to an assertion failure. An authenticated, remote attacker can exploit this issue, to cause a DoS condition. \n\n Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-26T00:00:00", "type": "nessus", "title": "ISC BIND 9.11.x < 9.11.20 / 9.11.14-S1 < 9.11.19-S9 / 9.14.x < 9.14.13 / 9.16.x < 9.16.4 DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-08-28T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND9_9164_CVE_2020_8619.NASL", "href": "https://www.tenable.com/plugins/nessus/137837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137837);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8619\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"ISC BIND 9.11.x < 9.11.20 / 9.11.14-S1 < 9.11.19-S9 / 9.14.x < 9.14.13 / 9.16.x < 9.16.4 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote name server is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ISC BIND installed on the remote host is affected by a denial of service (DoS) vulnerability in \n rbtdb.c due to an assertion failure. An authenticated, remote attacker can exploit this issue, to cause a DoS \n condition. \n\n Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported \n version\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/cve-2020-8619\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ISC BIND version 9.11.19-S9 / 9.11.20 / 9.14.13 / 9.16.4 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/26\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bind_version.nasl\");\n script_require_keys(\"bind/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvcf::bind::initialize();\napp_info = vcf::get_app_info(\n app:'BIND',\n port:53,\n kb_ver:'bind/version',\n service:TRUE,\n proto:'UDP'\n);\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [\n { 'min_version' : '9.11.0', 'fixed_version' : '9.11.20' },\n { 'min_version' : '9.11.14-S1', 'fixed_version' : '9.11.19-S9' },\n { 'min_version' : '9.14.0', 'fixed_version' : '9.14.13' },\n { 'min_version' : '9.16.0', 'fixed_version' : '9.16.4' },\n];\n\nconstraints = vcf::bind::filter_constraints(\n constraints:constraints,\n version:app_info.version\n);\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:37:19", "description": "Update to last release, including security fix. Upstream [Release notes](https://downloads.isc.org/isc/bind9/9.11.20/doc/arm/Bv9ARM.html )\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-29T00:00:00", "type": "nessus", "title": "Fedora 31 : 32:bind (2020-5f8da4b260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-08-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:32:bind", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-5F8DA4B260.NASL", "href": "https://www.tenable.com/plugins/nessus/137865", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-5f8da4b260.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137865);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8619\");\n script_xref(name:\"FEDORA\", value:\"2020-5f8da4b260\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"Fedora 31 : 32:bind (2020-5f8da4b260)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to last release, including security fix. Upstream [Release\nnotes](https://downloads.isc.org/isc/bind9/9.11.20/doc/arm/Bv9ARM.html\n)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-5f8da4b260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://downloads.isc.org/isc/bind9/9.11.20/doc/arm/Bv9ARM.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 32:bind package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/29\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"bind-9.11.20-1.fc31\", epoch:\"32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"32:bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:35:46", "description": "New bind packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2020-170-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-08-28T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bind", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-170-01.NASL", "href": "https://www.tenable.com/plugins/nessus/137699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-170-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137699);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8619\");\n script_xref(name:\"SSA\", value:\"2020-170-01\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2020-170-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New bind packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.429869\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?026c3734\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"bind\", pkgver:\"9.11.20\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bind\", pkgver:\"9.11.20\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"bind\", pkgver:\"9.11.20\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bind\", pkgver:\"9.16.4\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.16.4\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:36:56", "description": "ISC reports :\n\nThe asterisk character ('*') is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node.\n\nA problem can occur when an asterisk is present in an empty non-terminal location within the DNS graph. If such a node exists, after a series of queries, named can reach an inconsistent state that results in the failure of an assertion check in rbtdb.c, followed by the program exiting due to the assertion failure.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "FreeBSD : BIND -- Remote Denial of Service vulnerability (f00d1873-b138-11ea-8659-901b0ef719ab)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2020-08-28T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:bind911", "p-cpe:/a:freebsd:freebsd:bind916", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F00D1873B13811EA8659901B0EF719AB.NASL", "href": "https://www.tenable.com/plugins/nessus/137692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137692);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/28\");\n\n script_cve_id(\"CVE-2020-8619\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n\n script_name(english:\"FreeBSD : BIND -- Remote Denial of Service vulnerability (f00d1873-b138-11ea-8659-901b0ef719ab)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"ISC reports :\n\nThe asterisk character ('*') is allowed in DNS zone files, where it is\nmost commonly present as a wildcard at a terminal node of the Domain\nName System graph. However, the RFCs do not require and BIND does not\nenforce that an asterisk character be present only at a terminal node.\n\nA problem can occur when an asterisk is present in an empty\nnon-terminal location within the DNS graph. If such a node exists,\nafter a series of queries, named can reach an inconsistent state that\nresults in the failure of an assertion check in rbtdb.c, followed by\nthe program exiting due to the assertion failure.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/cve-2020-8619\");\n # https://vuxml.freebsd.org/freebsd/f00d1873-b138-11ea-8659-901b0ef719ab.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50e0b9e6\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8619\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind911\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind916\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind911>=9.11.14<9.11.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind916>=9.16.0<9.16.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T14:54:49", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ('*') character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.(CVE-2020-8619)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : bind (EulerOS-SA-2021-1242)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1242.NASL", "href": "https://www.tenable.com/plugins/nessus/146246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146246);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2020-8619\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : bind (EulerOS-SA-2021-1242)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND\n 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND\n Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service\n for one or more zones and at least one zone contains an\n empty non-terminal entry containing an asterisk ('*')\n character, this defect cannot be encountered. A\n would-be attacker who is allowed to change zone content\n could theoretically introduce such a record in order to\n exploit this condition to cause denial of service,\n though we consider the use of this vector unlikely\n because any such attack would require a significant\n privilege level and be easily traceable.(CVE-2020-8619)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1242\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39b69ab0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-17.h8.eulerosv2r9\",\n \"bind-chroot-9.11.4-17.h8.eulerosv2r9\",\n \"bind-export-libs-9.11.4-17.h8.eulerosv2r9\",\n \"bind-libs-9.11.4-17.h8.eulerosv2r9\",\n \"bind-libs-lite-9.11.4-17.h8.eulerosv2r9\",\n \"bind-pkcs11-9.11.4-17.h8.eulerosv2r9\",\n \"bind-utils-9.11.4-17.h8.eulerosv2r9\",\n \"python3-bind-9.11.4-17.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T14:54:44", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ('*') character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.(CVE-2020-8619)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : bind (EulerOS-SA-2021-1261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/146237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146237);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-8619\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : bind (EulerOS-SA-2021-1261)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND\n 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND\n Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service\n for one or more zones and at least one zone contains an\n empty non-terminal entry containing an asterisk ('*')\n character, this defect cannot be encountered. A\n would-be attacker who is allowed to change zone content\n could theoretically introduce such a record in order to\n exploit this condition to cause denial of service,\n though we consider the use of this vector unlikely\n because any such attack would require a significant\n privilege level and be easily traceable.(CVE-2020-8619)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1261\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c429be2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-17.h8.eulerosv2r9\",\n \"bind-chroot-9.11.4-17.h8.eulerosv2r9\",\n \"bind-export-libs-9.11.4-17.h8.eulerosv2r9\",\n \"bind-libs-9.11.4-17.h8.eulerosv2r9\",\n \"bind-libs-lite-9.11.4-17.h8.eulerosv2r9\",\n \"bind-pkcs11-9.11.4-17.h8.eulerosv2r9\",\n \"bind-utils-9.11.4-17.h8.eulerosv2r9\",\n \"python3-bind-9.11.4-17.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T15:37:45", "description": "Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.\n\nCVE-2020-9484\n\nWhen using Apache Tomcat and an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter='null' (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.\n\nCVE-2020-11996\n\nA specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n\nFor Debian 9 stretch, these problems have been fixed in version 8.5.54-0+deb9u2.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Debian DLA-2279-1 : tomcat8 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996", "CVE-2020-9484"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.1-java", "p-cpe:/a:debian:debian_linux:libservlet3.1-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat8-embed-java", "p-cpe:/a:debian:debian_linux:libtomcat8-java", "p-cpe:/a:debian:debian_linux:tomcat8", "p-cpe:/a:debian:debian_linux:tomcat8-admin", "p-cpe:/a:debian:debian_linux:tomcat8-common", "p-cpe:/a:debian:debian_linux:tomcat8-docs", "p-cpe:/a:debian:debian_linux:tomcat8-examples", "p-cpe:/a:debian:debian_linux:tomcat8-user", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2279.NASL", "href": "https://www.tenable.com/plugins/nessus/138393", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2279-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138393);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-9484\");\n script_xref(name:\"IAVA\", value:\"2020-A-0292-S\");\n\n script_name(english:\"Debian DLA-2279-1 : tomcat8 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2020-9484\n\nWhen using Apache Tomcat and an attacker is able to control the\ncontents and name of a file on the server; and b) the server is\nconfigured to use the PersistenceManager with a FileStore; and c) the\nPersistenceManager is configured with\nsessionAttributeValueClassNameFilter='null' (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized; and d) the attacker knows\nthe relative file path from the storage location used by FileStore to\nthe file the attacker has control over; then, using a specifically\ncrafted request, the attacker will be able to trigger remote code\nexecution via deserialization of the file under their control. Note\nthat all of conditions a) to d) must be true for the attack to\nsucceed.\n\nCVE-2020-11996\n\nA specially crafted sequence of HTTP/2 requests sent to Apache Tomcat\ncould trigger high CPU usage for several seconds. If a sufficient\nnumber of such requests were made on concurrent HTTP/2 connections,\nthe server could become unresponsive.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8.5.54-0+deb9u2.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tomcat8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.1-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.1-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat8-embed-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libservlet3.1-java\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtomcat8-embed-java\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtomcat8-java\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-admin\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-common\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-docs\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-examples\", reference:\"8.5.54-0+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-user\", reference:\"8.5.54-0+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:51:33", "description": "According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ('*') character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.(CVE-2020-8619)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.(CVE-2020-8624)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : bind (EulerOS-SA-2021-1134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8624"], "modified": "2021-02-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-export-devel", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1134.NASL", "href": "https://www.tenable.com/plugins/nessus/145782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145782);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/04\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8624\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : bind (EulerOS-SA-2021-1134)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND\n 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND\n Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service\n for one or more zones and at least one zone contains an\n empty non-terminal entry containing an asterisk ('*')\n character, this defect cannot be encountered. A\n would-be attacker who is allowed to change zone content\n could theoretically introduce such a record in order to\n exploit this condition to cause denial of service,\n though we consider the use of this vector unlikely\n because any such attack would require a significant\n privilege level and be easily traceable.(CVE-2020-8619)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 ->\n 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1\n of the BIND 9 Supported Preview Edition, An attacker\n who has been granted privileges to change a specific\n subset of the zone's content could abuse these\n unintended additional privileges to update other\n contents of the zone.(CVE-2020-8624)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1134\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8eba202\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-chroot-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-export-devel-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-export-libs-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-libs-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-libs-lite-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-license-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-pkcs11-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-pkcs11-libs-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-pkcs11-utils-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-utils-9.11.4-10.P2.h24.eulerosv2r8\",\n \"python3-bind-9.11.4-10.P2.h24.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-06-16T14:58:45", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in bind when an asterisk character is present in an empty non-terminal location within the DNS graph. This flaw could trigger an assertion failure, causing bind to crash. The highest threat from this vulnerability is to system availability.(CVE-2020-8619)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch(CVE-2020-8625)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2021-1739)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8625"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1739.NASL", "href": "https://www.tenable.com/plugins/nessus/148575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148575);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8625\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2021-1739)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A flaw was found in bind when an asterisk character is\n present in an empty non-terminal location within the\n DNS graph. This flaw could trigger an assertion\n failure, causing bind to crash. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-8619)\n\n - BIND servers are vulnerable if they are running an\n affected version and are configured to use GSS-TSIG\n features. In a configuration which uses BIND's default\n settings the vulnerable code path is not exposed, but a\n server can be rendered vulnerable by explicitly setting\n valid values for the tkey-gssapi-keytab or\n tkey-gssapi-credentialconfiguration options. Although\n the default configuration is not vulnerable, GSS-TSIG\n is frequently used in networks where BIND is integrated\n with Samba, as well as in mixed-server environments\n that combine BIND servers with Active Directory domain\n controllers. The most likely outcome of a successful\n exploitation of the vulnerability is a crash of the\n named process. However, remote code execution, while\n unproven, is theoretically possible. Affects: BIND\n 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND\n 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of\n BIND Supported Preview Edition. Also release versions\n 9.17.0 -> 9.17.1 of the BIND 9.17 development\n branch(CVE-2020-8625)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1739\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bcd1b7d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-17.h11.eulerosv2r9\",\n \"bind-export-libs-9.11.4-17.h11.eulerosv2r9\",\n \"bind-libs-9.11.4-17.h11.eulerosv2r9\",\n \"bind-libs-lite-9.11.4-17.h11.eulerosv2r9\",\n \"bind-utils-9.11.4-17.h11.eulerosv2r9\",\n \"python3-bind-9.11.4-17.h11.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:59:49", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in bind when an asterisk character is present in an empty non-terminal location within the DNS graph. This flaw could trigger an assertion failure, causing bind to crash. The highest threat from this vulnerability is to system availability.(CVE-2020-8619)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch(CVE-2020-8625)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2021-1725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8625"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1725.NASL", "href": "https://www.tenable.com/plugins/nessus/148611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148611);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8625\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2021-1725)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A flaw was found in bind when an asterisk character is\n present in an empty non-terminal location within the\n DNS graph. This flaw could trigger an assertion\n failure, causing bind to crash. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-8619)\n\n - BIND servers are vulnerable if they are running an\n affected version and are configured to use GSS-TSIG\n features. In a configuration which uses BIND's default\n settings the vulnerable code path is not exposed, but a\n server can be rendered vulnerable by explicitly setting\n valid values for the tkey-gssapi-keytab or\n tkey-gssapi-credentialconfiguration options. Although\n the default configuration is not vulnerable, GSS-TSIG\n is frequently used in networks where BIND is integrated\n with Samba, as well as in mixed-server environments\n that combine BIND servers with Active Directory domain\n controllers. The most likely outcome of a successful\n exploitation of the vulnerability is a crash of the\n named process. However, remote code execution, while\n unproven, is theoretically possible. Affects: BIND\n 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND\n 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of\n BIND Supported Preview Edition. Also release versions\n 9.17.0 -> 9.17.1 of the BIND 9.17 development\n branch(CVE-2020-8625)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1725\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26c11cb3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-17.h11.eulerosv2r9\",\n \"bind-export-libs-9.11.4-17.h11.eulerosv2r9\",\n \"bind-libs-9.11.4-17.h11.eulerosv2r9\",\n \"bind-libs-lite-9.11.4-17.h11.eulerosv2r9\",\n \"bind-utils-9.11.4-17.h11.eulerosv2r9\",\n \"python3-bind-9.11.4-17.h11.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-13T16:49:36", "description": "The Apache Software Foundation reports :\n\nAn h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.\n\nThe payload length in a WebSocket frame was not correctly validated.\nInvalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.\n\nA specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "FreeBSD : Apache Tomcat -- Multiple Vulnerabilities (6a72eff7-ccd6-11ea-9172-4c72b94353b5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935"], "modified": "2020-10-16T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat-devel", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat85", "p-cpe:/a:freebsd:freebsd:tomcat9", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6A72EFF7CCD611EA91724C72B94353B5.NASL", "href": "https://www.tenable.com/plugins/nessus/138923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138923);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-13934\", \"CVE-2020-13935\");\n script_xref(name:\"IAVA\", value:\"2020-A-0316-S\");\n\n script_name(english:\"FreeBSD : Apache Tomcat -- Multiple Vulnerabilities (6a72eff7-ccd6-11ea-9172-4c72b94353b5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Apache Software Foundation reports :\n\nAn h2c direct connection did not release the HTTP/1.1 processor after\nthe upgrade to HTTP/2. If a sufficient number of such requests were\nmade, an OutOfMemoryException could occur leading to a denial of\nservice.\n\nThe payload length in a WebSocket frame was not correctly validated.\nInvalid payload lengths could trigger an infinite loop. Multiple\nrequests with invalid payload lengths could lead to a denial of\nservice.\n\nA specially crafted sequence of HTTP/2 requests could trigger high CPU\nusage for several seconds. If a sufficient number of such requests\nwere made on concurrent HTTP/2 connections, the server could become\nunresponsive.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://tomcat.apache.org/security-7.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tomcat.apache.org/security-8.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tomcat.apache.org/security-9.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tomcat.apache.org/security-10.html\");\n # https://vuxml.freebsd.org/freebsd/6a72eff7-ccd6-11ea-9172-4c72b94353b5.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77a4ef62\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat85\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.105\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat85<8.5.57\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat9<9.0.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat-devel<10.0.0.M7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-13T18:30:12", "description": "According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.7.0. It is, therefore, affected by multiple vulnerabilities:\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. (CVE-2020-13934)\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop.\n Multiple requests with invalid payload lengths could lead to a denial of service. (CVE-2020-13935)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "JFrog < 7.7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:jfrog:artifactory"], "id": "JFROG_ARTIFACTORY_7_7_0.NASL", "href": "https://www.tenable.com/plugins/nessus/147719", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147719);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-13934\", \"CVE-2020-13935\");\n\n script_name(english:\"JFrog < 7.7.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Determines if the remote JFrog Artifactory installation is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior\nto 7.7.0. It is, therefore, affected by multiple vulnerabilities:\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not \n release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, \n an OutOfMemoryException could occur leading to a denial of service. (CVE-2020-13934)\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, \n 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop.\n Multiple requests with invalid payload lengths could lead to a denial of service. (CVE-2020-13935)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 \n and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were \n made on concurrent HTTP/2 connections, the server could become unresponsive. (CVE-2020-11996)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8dc55d3d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to JFrog Artifactory 7.7.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13935\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jfrog:artifactory\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jfrog_artifactory_win_installed.nbin\", \"jfrog_artifactory_nix_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Artifactory\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nwin_local = FALSE;\nos = get_kb_item('Host/OS');\nif ('windows' >< tolower(os)) win_local = TRUE;\n\napp_info = vcf::get_app_info(app:'Artifactory', win_local:win_local);\n\nconstraints = [\n { 'min_version' : '7.0', 'fixed_version' : '7.7.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:05:19", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with '--enable-native-pkcs11' * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker(CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.(CVE-2020-8624)\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ('*') character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.(CVE-2020-8619)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2021-1532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2021-03-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/147084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147084);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2021-1532)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 ->\n 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can\n reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the\n system must: * be running BIND that was built with\n '--enable-native-pkcs11' * be signing one or more zones\n with an RSA key * be able to receive queries from a\n possible attacker(CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 ->\n 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1\n of the BIND 9 Supported Preview Edition, An attacker\n who has been granted privileges to change a specific\n subset of the zone's content could abuse these\n unintended additional privileges to update other\n contents of the zone.(CVE-2020-8624)\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND\n 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND\n Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\n Unless a nameserver is providing authoritative service\n for one or more zones and at least one zone contains an\n empty non-terminal entry containing an asterisk ('*')\n character, this defect cannot be encountered. A\n would-be attacker who is allowed to change zone content\n could theoretically introduce such a record in order to\n exploit this condition to cause denial of service,\n though we consider the use of this vector unlikely\n because any such attack would require a significant\n privilege level and be easily traceable.(CVE-2020-8619)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1532\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f60a63ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-export-libs-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-libs-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-libs-lite-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-license-9.11.4-10.P2.h24.eulerosv2r8\",\n \"bind-utils-9.11.4-10.P2.h24.eulerosv2r8\",\n \"python3-bind-9.11.4-10.P2.h24.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-06-16T15:39:09", "description": "Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in code execution or denial of service.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Debian DSA-4727-1 : tomcat9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-9484"], "modified": "2021-01-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat9", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4727.NASL", "href": "https://www.tenable.com/plugins/nessus/138647", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4727. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138647);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/25\");\n\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-13934\", \"CVE-2020-13935\", \"CVE-2020-9484\");\n script_xref(name:\"DSA\", value:\"4727\");\n script_xref(name:\"IAVA\", value:\"2020-A-0316-S\");\n\n script_name(english:\"Debian DSA-4727-1 : tomcat9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in the Tomcat servlet and JSP\nengine, which could result in code execution or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tomcat9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/tomcat9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4727\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the tomcat9 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 9.0.31-1~deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libtomcat9-embed-java\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libtomcat9-java\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-admin\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-common\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-docs\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-examples\", reference:\"9.0.31-1~deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-user\", reference:\"9.0.31-1~deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T15:39:38", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.(CVE-2020-13935)\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.(CVE-2020-13934)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.(CVE-2020-11996)\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server and b) the server is configured to use the PersistenceManager with a FileStore and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter='null' (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.\n Note that all of conditions a) to d) must be true for the attack to succeed.(CVE-2020-9484)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1829)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-9484"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1829.NASL", "href": "https://www.tenable.com/plugins/nessus/139159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139159);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11996\",\n \"CVE-2020-13934\",\n \"CVE-2020-13935\",\n \"CVE-2020-9484\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1829)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The payload length in a WebSocket frame was not\n correctly validated in Apache Tomcat 10.0.0-M1 to\n 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and\n 7.0.27 to 7.0.104. Invalid payload lengths could\n trigger an infinite loop. Multiple requests with\n invalid payload lengths could lead to a denial of\n service.(CVE-2020-13935)\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to\n 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did\n not release the HTTP/1.1 processor after the upgrade to\n HTTP/2. If a sufficient number of such requests were\n made, an OutOfMemoryException could occur leading to a\n denial of service.(CVE-2020-13934)\n\n - A specially crafted sequence of HTTP/2 requests sent to\n Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to\n 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage\n for several seconds. If a sufficient number of such\n requests were made on concurrent HTTP/2 connections,\n the server could become unresponsive.(CVE-2020-11996)\n\n - When using Apache Tomcat versions 10.0.0-M1 to\n 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and\n 7.0.0 to 7.0.103 if a) an attacker is able to control\n the contents and name of a file on the server and b)\n the server is configured to use the PersistenceManager\n with a FileStore and c) the PersistenceManager is\n configured with\n sessionAttributeValueClassNameFilter='null' (the\n default unless a SecurityManager is used) or a\n sufficiently lax filter to allow the attacker provided\n object to be deserialized and d) the attacker knows the\n relative file path from the storage location used by\n FileStore to the file the attacker has control over\n then, using a specifically crafted request, the\n attacker will be able to trigger remote code execution\n via deserialization of the file under their control.\n Note that all of conditions a) to d) must be true for\n the attack to succeed.(CVE-2020-9484)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1829\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542740fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-9.0.10-1.h9.eulerosv2r8\",\n \"tomcat-admin-webapps-9.0.10-1.h9.eulerosv2r8\",\n \"tomcat-el-3.0-api-9.0.10-1.h9.eulerosv2r8\",\n \"tomcat-jsp-2.3-api-9.0.10-1.h9.eulerosv2r8\",\n \"tomcat-lib-9.0.10-1.h9.eulerosv2r8\",\n \"tomcat-servlet-4.0-api-9.0.10-1.h9.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T15:30:59", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4596-1 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n (CVE-2020-11996)\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. (CVE-2020-13934)\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. (CVE-2020-13935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-24T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Tomcat vulnerabilities (USN-4596-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-9484"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:2.3:o:canonical:ubuntu_linux:20.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libtomcat9-java:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:tomcat9:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:libtomcat9-embed-java:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:tomcat9-admin:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:tomcat9-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:tomcat9-examples:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:tomcat9-user:*:*:*:*:*:*:*"], "id": "UBUNTU_USN-4596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141862", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4596-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141862);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\n \"CVE-2020-9484\",\n \"CVE-2020-11996\",\n \"CVE-2020-13934\",\n \"CVE-2020-13935\"\n );\n script_xref(name:\"USN\", value:\"4596-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Tomcat vulnerabilities (USN-4596-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4596-1 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\n - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to\n 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of\n such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n (CVE-2020-11996)\n\n - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56\n did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such\n requests were made, an OutOfMemoryException could occur leading to a denial of service. (CVE-2020-13934)\n\n - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to\n 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could\n trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of\n service. (CVE-2020-13935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4596-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat9-embed-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-user\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'libtomcat9-embed-java', 'pkgver': '9.0.31-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libtomcat9-java', 'pkgver': '9.0.31-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'tomcat9', 'pkgver': '9.0.31-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'tomcat9-admin', 'pkgver': '9.0.31-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'tomcat9-common', 'pkgver': '9.0.31-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'tomcat9-examples', 'pkgver': '9.0.31-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'tomcat9-user', 'pkgver': '9.0.31-1ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtomcat9-embed-java / libtomcat9-java / tomcat9 / tomcat9-admin / etc');\n}", "cvss": {"score": 4.4, "vector": "CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-23T15:13:46", "description": "This update for bind fixes the following issues :\n\nBIND was upgraded to version 9.16.6 :\n\nNote :\n\nbind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC.\n\nFixing security issues :\n\nCVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server.\n(bsc#1171740) Address records are limited to 4 for any domain.\n\nCVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740)\n\nCVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051).\n\nCVE-2018-5741: Fixed the documentation (bsc#1109160).\n\nCVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958).\n\nCVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958).\n\nCVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains.\nThe problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443).\n\nCVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443).\n\nCVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443).\n\nCVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443).\n\nCVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443).\n\nOther issues fixed :\n\nAdd engine support to OpenSSL EdDSA implementation.\n\nAdd engine support to OpenSSL ECDSA implementation.\n\nUpdate PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n\nWarn about AXFR streams with inconsistent message IDs.\n\nMake ISC rwlock implementation the default again.\n\nFixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n\nInstalled the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)\n\nFixed an issue where bind was not working in FIPS mode (bsc#906079).\n\nFixed dependency issues (bsc#1118367 and bsc#1118368).\n\nGeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n\nFixed an issue with FIPS (bsc#1128220).\n\nThe liblwres library is discontinued upstream and is no longer included.\n\nAdded service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713).\n\nReject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.\n\nThe default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.\n\nZone timers are now exported via statistics channel.\n\nThe 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.\n\n'rndc dnstap -roll <value>' did not limit the number of saved files to <value>.\n\nAdd 'rndc dnssec -status' command.\n\nAddressed a couple of situations where named could crash.\n\nChanged /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf]\n\nAdded '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).\n\nRemoved '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail.\n(bsc#1173311, bsc#1176674, bsc#1170713)\n\n/usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313]\n\nPut libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092).\n\nRequire /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2020:2914-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3136", "CVE-2018-5741", "CVE-2019-6477", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8620", "CVE-2020-8621", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "p-cpe:/a:novell:suse_linux:libbind9", "p-cpe:/a:novell:suse_linux:libbind9-1600-debuginfo", "p-cpe:/a:novell:suse_linux:libdns1605", "p-cpe:/a:novell:suse_linux:libdns1605-debuginfo", "p-cpe:/a:novell:suse_linux:libirs-devel", "p-cpe:/a:novell:suse_linux:libirs1601", "p-cpe:/a:novell:suse_linux:libirs1601-debuginfo", "p-cpe:/a:novell:suse_linux:libisc1606", "p-cpe:/a:novell:suse_linux:libisc1606-debuginfo", "p-cpe:/a:novell:suse_linux:libisccc1600", "p-cpe:/a:novell:suse_linux:libisccc1600-debuginfo", "p-cpe:/a:novell:suse_linux:libisccfg1600", "p-cpe:/a:novell:suse_linux:libisccfg1600-debuginfo", "p-cpe:/a:novell:suse_linux:libns1604", "p-cpe:/a:novell:suse_linux:libns1604-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2914-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2914-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143842);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2017-3136\",\n \"CVE-2018-5741\",\n \"CVE-2019-6477\",\n \"CVE-2020-8616\",\n \"CVE-2020-8617\",\n \"CVE-2020-8618\",\n \"CVE-2020-8619\",\n \"CVE-2020-8620\",\n \"CVE-2020-8621\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2020:2914-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for bind fixes the following issues :\n\nBIND was upgraded to version 9.16.6 :\n\nNote :\n\nbind is now more strict in regards to DNSSEC. If queries are not\nworking, check for DNSSEC issues. For instance, if bind is used in a\nnamserver forwarder chain, the forwarding DNS servers must support\nDNSSEC.\n\nFixing security issues :\n\nCVE-2020-8616: Further limit the number of queries that can be\ntriggered from a request. Root and TLD servers are no longer exempt\nfrom max-recursion-queries. Fetches for missing name server.\n(bsc#1171740) Address records are limited to 4 for any domain.\n\nCVE-2020-8617: Replaying a TSIG BADTIME response as a request could\ntrigger an assertion failure. (bsc#1171740)\n\nCVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass\nthe tcp-clients limit (bsc#1157051).\n\nCVE-2018-5741: Fixed the documentation (bsc#1109160).\n\nCVE-2020-8618: It was possible to trigger an INSIST when determining\nwhether a record would fit into a TCP message buffer (bsc#1172958).\n\nCVE-2020-8619: It was possible to trigger an INSIST in\nlib/dns/rbtdb.c:new_reference() with a particular zone content and\nquery patterns (bsc#1172958).\n\nCVE-2020-8624: 'update-policy' rules of type 'subdomain' were\nincorrectly treated as 'zonesub' rules, which allowed keys used in\n'subdomain' rules to update names outside of the specified subdomains.\nThe problem was fixed by making sure 'subdomain' rules are again\nprocessed as described in the ARM (bsc#1175443).\n\nCVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support,\nit was possible to trigger an assertion failure in code determining\nthe number of bits in the PKCS#11 RSA public key with a specially\ncrafted packet (bsc#1175443).\n\nCVE-2020-8621: named could crash in certain query resolution scenarios\nwhere QNAME minimization and forwarding were both enabled\n(bsc#1175443).\n\nCVE-2020-8620: It was possible to trigger an assertion failure by\nsending a specially crafted large TCP DNS message (bsc#1175443).\n\nCVE-2020-8622: It was possible to trigger an assertion failure when\nverifying the response to a TSIG-signed request (bsc#1175443).\n\nOther issues fixed :\n\nAdd engine support to OpenSSL EdDSA implementation.\n\nAdd engine support to OpenSSL ECDSA implementation.\n\nUpdate PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n\nWarn about AXFR streams with inconsistent message IDs.\n\nMake ISC rwlock implementation the default again.\n\nFixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n\nInstalled the default files in /var/lib/named and created chroot\nenvironment on systems using transactional-updates (bsc#1100369,\nfate#325524)\n\nFixed an issue where bind was not working in FIPS mode (bsc#906079).\n\nFixed dependency issues (bsc#1118367 and bsc#1118368).\n\nGeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n\nFixed an issue with FIPS (bsc#1128220).\n\nThe liblwres library is discontinued upstream and is no longer\nincluded.\n\nAdded service dependency on NTP to make sure the clock is accurate\nwhen bind is starts (bsc#1170667, bsc#1170713).\n\nReject DS records at the zone apex when loading master files. Log but\notherwise ignore attempts to add DS records at the zone apex via\nUPDATE.\n\nThe default value of 'max-stale-ttl' has been changed from 1 week to\n12 hours.\n\nZone timers are now exported via statistics channel.\n\nThe 'primary' and 'secondary' keywords, when used as parameters for\n'check-names', were not processed correctly and were being ignored.\n\n'rndc dnstap -roll <value>' did not limit the number of saved files to\n<value>.\n\nAdd 'rndc dnssec -status' command.\n\nAddressed a couple of situations where named could crash.\n\nChanged /var/lib/named to owner root:named and perms rwxrwxr-t so that\nnamed, being a/the only member of the 'named' group has full r/w\naccess yet cannot change directories owned by root in the case of a\ncompromized named. [bsc#1173307, bind-chrootenv.conf]\n\nAdded '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in\n/etc/sysconfig/named to suppress warning message re missing file\n(bsc#1173983).\n\nRemoved '-r /dev/urandom' from all invocations of rndc-confgen\n(init/named system/lwresd.init system/named.init in vendor-files) as\nthis option is deprecated and causes rndc-confgen to fail.\n(bsc#1173311, bsc#1176674, bsc#1170713)\n\n/usr/bin/genDDNSkey: Removing the use of the -r option in the call of\n/usr/sbin/dnssec-keygen as BIND now uses the random number functions\nprovided by the crypto library (i.e., OpenSSL or a PKCS#11 provider)\nas a source of randomness rather than /dev/random. Therefore the -r\ncommand line option no longer has any effect on dnssec-keygen. Leaving\nthe option in genDDNSkey as to not break compatibility. Patch provided\nby Stefan Eisenwiener. [bsc#1171313]\n\nPut libns into a separate subpackage to avoid file conflicts in the\nlibisc subpackage due to different sonums (bsc#1176092).\n\nRequire /sbin/start_daemon: both init scripts, the one used in systemd\ncontext as well as legacy sysv, make use of start_daemon.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=906079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-3136/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5741/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6477/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8616/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8617/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8618/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8619/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8620/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8621/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8622/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8623/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8624/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202914-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?472daf12\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2914=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2914=1\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-2914=1\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-2914=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-2914=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2914=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2914=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2914=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2914=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-5741\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9-1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns1605\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns1605-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs1601\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs1601-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc1606\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc1606-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libns1604\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libns1604-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-chrootenv-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-debugsource-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-utils-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-utils-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbind9-1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbind9-1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdns1605-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdns1605-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs1601-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs1601-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisc1606-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisc1606-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccc1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccc1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccfg1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccfg1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libns1604-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libns1604-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-chrootenv-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-debugsource-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-utils-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"bind-utils-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libbind9-1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libbind9-1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdns1605-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdns1605-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libirs-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libirs1601-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libirs1601-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libisc1606-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libisc1606-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libisccc1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libisccc1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libisccfg1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libisccfg1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libns1604-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libns1604-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-chrootenv-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-debugsource-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-utils-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"bind-utils-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libbind9-1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libbind9-1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdns1605-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdns1605-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libirs-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libirs1601-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libirs1601-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libisc1606-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libisc1606-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libisccc1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libisccc1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libisccfg1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libisccfg1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libns1604-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libns1604-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-debugsource-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-utils-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-utils-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbind9-1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbind9-1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdns1605-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdns1605-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs1601-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs1601-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisc1606-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisc1606-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccc1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccc1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccfg1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccfg1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libns1604-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libns1604-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"bind-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"bind-debugsource-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"bind-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"bind-utils-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"bind-utils-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libbind9-1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libbind9-1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdns1605-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdns1605-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libirs-devel-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libirs1601-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libirs1601-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libisc1606-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libisc1606-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libisccc1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libisccc1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libisccfg1600-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libisccfg1600-debuginfo-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libns1604-9.16.6-12.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libns1604-debuginfo-9.16.6-12.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-06-23T15:10:18", "description": "This update for bind fixes the following issues :\n\nBIND was upgraded to version 9.16.6 :\n\nNote :\n\n - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC.\n\nFixing security issues :\n\n - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain.\n\n - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure.\n (bsc#1171740)\n\n - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051).\n\n - CVE-2018-5741: Fixed the documentation (bsc#1109160).\n\n - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958).\n\n - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958).\n\n - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443).\n\n - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443).\n\n - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443).\n\n - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443).\n\n - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443).\n\nOther issues fixed :\n\n - Add engine support to OpenSSL EdDSA implementation.\n\n - Add engine support to OpenSSL ECDSA implementation.\n\n - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n\n - Warn about AXFR streams with inconsistent message IDs.\n\n - Make ISC rwlock implementation the default again.\n\n - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n\n - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)\n\n - Fixed an issue where bind was not working in FIPS mode (bsc#906079).\n\n - Fixed dependency issues (bsc#1118367 and bsc#1118368).\n\n - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n\n - Fixed an issue with FIPS (bsc#1128220).\n\n - The liblwres library is discontinued upstream and is no longer included.\n\n - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713).\n\n - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.\n\n - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.\n\n - Zone timers are now exported via statistics channel.\n\n - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.\n\n - 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>.\n\n - Add 'rndc dnssec -status' command.\n\n - Addressed a couple of situations where named could crash.\n\n - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf]\n\n - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).\n\n - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail.\n (bsc#1173311, bsc#1176674, bsc#1170713)\n\n - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313]\n\n - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092).\n\n - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2020-1699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3136", "CVE-2018-5741", "CVE-2019-6477", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8620", "CVE-2020-8621", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-devel-32bit", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-1600", "p-cpe:/a:novell:opensuse:libbind9-1600-32bit", "p-cpe:/a:novell:opensuse:libbind9-1600-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-1600-debuginfo", "p-cpe:/a:novell:opensuse:libdns1605", "p-cpe:/a:novell:opensuse:libdns1605-32bit", "p-cpe:/a:novell:opensuse:libdns1605-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdns1605-debuginfo", "p-cpe:/a:novell:opensuse:libirs-devel", "p-cpe:/a:novell:opensuse:libirs1601", "p-cpe:/a:novell:opensuse:libirs1601-32bit", "p-cpe:/a:novell:opensuse:libirs1601-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libirs1601-debuginfo", "p-cpe:/a:novell:opensuse:libisc1606", "p-cpe:/a:novell:opensuse:libisc1606-32bit", "p-cpe:/a:novell:opensuse:libisc1606-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisc1606-debuginfo", "p-cpe:/a:novell:opensuse:libisccc1600", "p-cpe:/a:novell:opensuse:libisccc1600-32bit", "p-cpe:/a:novell:opensuse:libisccc1600-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccc1600-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg1600", "p-cpe:/a:novell:opensuse:libisccfg1600-32bit", "p-cpe:/a:novell:opensuse:libisccfg1600-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg1600-debuginfo", "p-cpe:/a:novell:opensuse:libns1604", "p-cpe:/a:novell:opensuse:libns1604-32bit", "p-cpe:/a:novell:opensuse:libns1604-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libns1604-debuginfo", "p-cpe:/a:novell:opensuse:libuv-debugsource", "p-cpe:/a:novell:opensuse:libuv-devel", "p-cpe:/a:novell:opensuse:libuv1", "p-cpe:/a:novell:opensuse:libuv1-32bit", "p-cpe:/a:novell:opensuse:libuv1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libuv1-debuginfo", "p-cpe:/a:novell:opensuse:python3-bind", "p-cpe:/a:novell:opensuse:sysuser-shadow", "p-cpe:/a:novell:opensuse:sysuser-tools", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1699.NASL", "href": "https://www.tenable.com/plugins/nessus/141560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1699.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141560);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2017-3136\", \"CVE-2018-5741\", \"CVE-2019-6477\", \"CVE-2020-8616\", \"CVE-2020-8617\", \"CVE-2020-8618\", \"CVE-2020-8619\", \"CVE-2020-8620\", \"CVE-2020-8621\", \"CVE-2020-8622\", \"CVE-2020-8623\", \"CVE-2020-8624\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2020-1699)\");\n script_summary(english:\"Check for the openSUSE-2020-1699 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nBIND was upgraded to version 9.16.6 :\n\nNote :\n\n - bind is now more strict in regards to DNSSEC. If queries\n are not working, check for DNSSEC issues. For instance,\n if bind is used in a namserver forwarder chain, the\n forwarding DNS servers must support DNSSEC.\n\nFixing security issues :\n\n - CVE-2020-8616: Further limit the number of queries that\n can be triggered from a request. Root and TLD servers\n are no longer exempt from max-recursion-queries. Fetches\n for missing name server. (bsc#1171740) Address records\n are limited to 4 for any domain.\n\n - CVE-2020-8617: Replaying a TSIG BADTIME response as a\n request could trigger an assertion failure.\n (bsc#1171740)\n\n - CVE-2019-6477: Fixed an issue where TCP-pipelined\n queries could bypass the tcp-clients limit\n (bsc#1157051).\n\n - CVE-2018-5741: Fixed the documentation (bsc#1109160).\n\n - CVE-2020-8618: It was possible to trigger an INSIST when\n determining whether a record would fit into a TCP\n message buffer (bsc#1172958).\n\n - CVE-2020-8619: It was possible to trigger an INSIST in\n lib/dns/rbtdb.c:new_reference() with a particular zone\n content and query patterns (bsc#1172958).\n\n - CVE-2020-8624: 'update-policy' rules of type 'subdomain'\n were incorrectly treated as 'zonesub' rules, which\n allowed keys used in 'subdomain' rules to update names\n outside of the specified subdomains. The problem was\n fixed by making sure 'subdomain' rules are again\n processed as described in the ARM (bsc#1175443).\n\n - CVE-2020-8623: When BIND 9 was compiled with native\n PKCS#11 support, it was possible to trigger an assertion\n failure in code determining the number of bits in the\n PKCS#11 RSA public key with a specially crafted packet\n (bsc#1175443).\n\n - CVE-2020-8621: named could crash in certain query\n resolution scenarios where QNAME minimization and\n forwarding were both enabled (bsc#1175443).\n\n - CVE-2020-8620: It was possible to trigger an assertion\n failure by sending a specially crafted large TCP DNS\n message (bsc#1175443).\n\n - CVE-2020-8622: It was possible to trigger an assertion\n failure when verifying the response to a TSIG-signed\n request (bsc#1175443).\n\nOther issues fixed :\n\n - Add engine support to OpenSSL EdDSA implementation.\n\n - Add engine support to OpenSSL ECDSA implementation.\n\n - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n\n - Warn about AXFR streams with inconsistent message IDs.\n\n - Make ISC rwlock implementation the default again.\n\n - Fixed issues when using cookie-secrets for AES and SHA2\n (bsc#1161168)\n\n - Installed the default files in /var/lib/named and\n created chroot environment on systems using\n transactional-updates (bsc#1100369, fate#325524)\n\n - Fixed an issue where bind was not working in FIPS mode\n (bsc#906079).\n\n - Fixed dependency issues (bsc#1118367 and bsc#1118368).\n\n - GeoIP support is now discontinued, now GeoIP2 is\n used(bsc#1156205).\n\n - Fixed an issue with FIPS (bsc#1128220).\n\n - The liblwres library is discontinued upstream and is no\n longer included.\n\n - Added service dependency on NTP to make sure the clock\n is accurate when bind is starts (bsc#1170667,\n bsc#1170713).\n\n - Reject DS records at the zone apex when loading master\n files. Log but otherwise ignore attempts to add DS\n records at the zone apex via UPDATE.\n\n - The default value of 'max-stale-ttl' has been changed\n from 1 week to 12 hours.\n\n - Zone timers are now exported via statistics channel.\n\n - The 'primary' and 'secondary' keywords, when used as\n parameters for 'check-names', were not processed\n correctly and were being ignored.\n\n - 'rndc dnstap -roll <value>' did not limit the number of\n saved files to <value>.\n\n - Add 'rndc dnssec -status' command.\n\n - Addressed a couple of situations where named could\n crash.\n\n - Changed /var/lib/named to owner root:named and perms\n rwxrwxr-t so that named, being a/the only member of the\n 'named' group has full r/w access yet cannot change\n directories owned by root in the case of a compromized\n named. [bsc#1173307, bind-chrootenv.conf]\n\n - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in\n /etc/sysconfig/named to suppress warning message re\n missing file (bsc#1173983).\n\n - Removed '-r /dev/urandom' from all invocations of\n rndc-confgen (init/named system/lwresd.init\n system/named.init in vendor-files) as this option is\n deprecated and causes rndc-confgen to fail.\n (bsc#1173311, bsc#1176674, bsc#1170713)\n\n - /usr/bin/genDDNSkey: Removing the use of the -r option\n in the call of /usr/sbin/dnssec-keygen as BIND now uses\n the random number functions provided by the crypto\n library (i.e., OpenSSL or a PKCS#11 provider) as a\n source of randomness rather than /dev/random. Therefore\n the -r command line option no longer has any effect on\n dnssec-keygen. Leaving the option in genDDNSkey as to\n not break compatibility. Patch provided by Stefan\n Eisenwiener. [bsc#1171313]\n\n - Put libns into a separate subpackage to avoid file\n conflicts in the libisc subpackage due to different\n sonums (bsc#1176092).\n\n - Require /sbin/start_daemon: both init scripts, the one\n used in systemd context as well as legacy sysv, make use\n of start_daemon.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1161168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325524\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sysuser-shadow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sysuser-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-chrootenv-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-debugsource-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-devel-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-utils-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"bind-utils-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libbind9-1600-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libbind9-1600-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdns1605-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdns1605-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libirs-devel-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libirs1601-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libirs1601-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libisc1606-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libisc1606-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libisccc1600-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libisccc1600-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libisccfg1600-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libisccfg1600-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libns1604-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libns1604-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libuv-debugsource-1.18.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libuv-devel-1.18.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libuv1-1.18.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libuv1-debuginfo-1.18.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"python3-bind-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"sysuser-shadow-2.0-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"sysuser-tools-2.0-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"bind-devel-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libbind9-1600-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libbind9-1600-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdns1605-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdns1605-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libirs1601-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libirs1601-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libisc1606-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libisc1606-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libisccc1600-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libisccc1600-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libisccfg1600-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libisccfg1600-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libns1604-32bit-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libns1604-32bit-debuginfo-9.16.6-lp152.14.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libuv1-32bit-1.18.0-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libuv1-32bit-debuginfo-1.18.0-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-06-23T15:10:18", "description": "This update for bind fixes the following issues :\n\nBIND was upgraded to version 9.16.6 :\n\nNote :\n\n - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC.\n\nFixing security issues :\n\n - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain.\n\n - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure.\n (bsc#1171740)\n\n - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051).\n\n - CVE-2018-5741: Fixed the documentation (bsc#1109160).\n\n - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958).\n\n - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958).\n\n - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443).\n\n - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443).\n\n - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443).\n\n - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443).\n\n - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443).\n\nOther issues fixed :\n\n - Add engine support to OpenSSL EdDSA implementation.\n\n - Add engine support to OpenSSL ECDSA implementation.\n\n - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n\n - Warn about AXFR streams with inconsistent message IDs.\n\n - Make ISC rwlock implementation the default again.\n\n - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n\n - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)\n\n - Fixed an issue where bind was not working in FIPS mode (bsc#906079).\n\n - Fixed dependency issues (bsc#1118367 and bsc#1118368).\n\n - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n\n - Fixed an issue with FIPS (bsc#1128220).\n\n - The liblwres library is discontinued upstream and is no longer included.\n\n - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713).\n\n - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.\n\n - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.\n\n - Zone timers are now exported via statistics channel.\n\n - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.\n\n - 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>.\n\n - Add 'rndc dnssec -status' command.\n\n - Addressed a couple of situations where named could crash.\n\n - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf]\n\n - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).\n\n - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail.\n (bsc#1173311, bsc#1176674, bsc#1170713)\n\n - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313]\n\n - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092).\n\n - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2020-1701)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3136", "CVE-2018-5741", "CVE-2019-6477", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8620", "CVE-2020-8621", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-devel-32bit", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-1600", "p-cpe:/a:novell:opensuse:libbind9-1600-32bit", "p-cpe:/a:novell:opensuse:libbind9-1600-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-1600-debuginfo", "p-cpe:/a:novell:opensuse:libdns1605", "p-cpe:/a:novell:opensuse:libdns1605-32bit", "p-cpe:/a:novell:opensuse:libdns1605-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdns1605-debuginfo", "p-cpe:/a:novell:opensuse:libirs-devel", "p-cpe:/a:novell:opensuse:libirs1601", "p-cpe:/a:novell:opensuse:libirs1601-32bit", "p-cpe:/a:novell:opensuse:libirs1601-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libirs1601-debuginfo", "p-cpe:/a:novell:opensuse:libisc1606", "p-cpe:/a:novell:opensuse:libisc1606-32bit", "p-cpe:/a:novell:opensuse:libisc1606-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisc1606-debuginfo", "p-cpe:/a:novell:opensuse:libisccc1600", "p-cpe:/a:novell:opensuse:libisccc1600-32bit", "p-cpe:/a:novell:opensuse:libisccc1600-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccc1600-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg1600", "p-cpe:/a:novell:opensuse:libisccfg1600-32bit", "p-cpe:/a:novell:opensuse:libisccfg1600-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg1600-debuginfo", "p-cpe:/a:novell:opensuse:libns1604", "p-cpe:/a:novell:opensuse:libns1604-32bit", "p-cpe:/a:novell:opensuse:libns1604-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libns1604-debuginfo", "p-cpe:/a:novell:opensuse:libuv-debugsource", "p-cpe:/a:novell:opensuse:libuv-devel", "p-cpe:/a:novell:opensuse:libuv1", "p-cpe:/a:novell:opensuse:libuv1-32bit", "p-cpe:/a:novell:opensuse:libuv1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libuv1-debuginfo", "p-cpe:/a:novell:opensuse:python3-bind", "p-cpe:/a:novell:opensuse:sysuser-shadow", "p-cpe:/a:novell:opensuse:sysuser-tools", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1701.NASL", "href": "https://www.tenable.com/plugins/nessus/141839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1701.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141839);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2017-3136\", \"CVE-2018-5741\", \"CVE-2019-6477\", \"CVE-2020-8616\", \"CVE-2020-8617\", \"CVE-2020-8618\", \"CVE-2020-8619\", \"CVE-2020-8620\", \"CVE-2020-8621\", \"CVE-2020-8622\", \"CVE-2020-8623\", \"CVE-2020-8624\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2020-1701)\");\n script_summary(english:\"Check for the openSUSE-2020-1701 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nBIND was upgraded to version 9.16.6 :\n\nNote :\n\n - bind is now more strict in regards to DNSSEC. If queries\n are not working, check for DNSSEC issues. For instance,\n if bind is used in a namserver forwarder chain, the\n forwarding DNS servers must support DNSSEC.\n\nFixing security issues :\n\n - CVE-2020-8616: Further limit the number of queries that\n can be triggered from a request. Root and TLD servers\n are no longer exempt from max-recursion-queries. Fetches\n for missing name server. (bsc#1171740) Address records\n are limited to 4 for any domain.\n\n - CVE-2020-8617: Replaying a TSIG BADTIME response as a\n request could trigger an assertion failure.\n (bsc#1171740)\n\n - CVE-2019-6477: Fixed an issue where TCP-pipelined\n queries could bypass the tcp-clients limit\n (bsc#1157051).\n\n - CVE-2018-5741: Fixed the documentation (bsc#1109160).\n\n - CVE-2020-8618: It was possible to trigger an INSIST when\n determining whether a record would fit into a TCP\n message buffer (bsc#1172958).\n\n - CVE-2020-8619: It was possible to trigger an INSIST in\n lib/dns/rbtdb.c:new_reference() with a particular zone\n content and query patterns (bsc#1172958).\n\n - CVE-2020-8624: 'update-policy' rules of type 'subdomain'\n were incorrectly treated as 'zonesub' rules, which\n allowed keys used in 'subdomain' rules to update names\n outside of the specified subdomains. The problem was\n fixed by making sure 'subdomain' rules are again\n processed as described in the ARM (bsc#1175443).\n\n - CVE-2020-8623: When BIND 9 was compiled with native\n PKCS#11 support, it was possible to trigger an assertion\n failure in code determining the number of bits in the\n PKCS#11 RSA public key with a specially crafted packet\n (bsc#1175443).\n\n - CVE-2020-8621: named could crash in certain query\n resolution scenarios where QNAME minimization and\n forwarding were both enabled (bsc#1175443).\n\n - CVE-2020-8620: It was possible to trigger an assertion\n failure by sending a specially crafted large TCP DNS\n message (bsc#1175443).\n\n - CVE-2020-8622: It was possible to trigger an assertion\n failure when verifying the response to a TSIG-signed\n request (bsc#1175443).\n\nOther issues fixed :\n\n - Add engine support to OpenSSL EdDSA implementation.\n\n - Add engine support to OpenSSL ECDSA implementation.\n\n - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n\n - Warn about AXFR streams with inconsistent message IDs.\n\n - Make ISC rwlock implementation the default again.\n\n - Fixed issues when using cookie-secrets for AES and SHA2\n (bsc#1161168)\n\n - Installed the default files in /var/lib/named and\n created chroot environment on systems using\n transactional-updates (bsc#1100369, fate#325524)\n\n - Fixed an issue where bind was not working in FIPS mode\n (bsc#906079).\n\n - Fixed dependency issues (bsc#1118367 and bsc#1118368).\n\n - GeoIP support is now discontinued, now GeoIP2 is\n used(bsc#1156205).\n\n - Fixed an issue with FIPS (bsc#1128220).\n\n - The liblwres library is discontinued upstream and is no\n longer included.\n\n - Added service dependency on NTP to make sure the clock\n is accurate when bind is starts (bsc#1170667,\n bsc#1170713).\n\n - Reject DS records at the zone apex when loading master\n files. Log but otherwise ignore attempts to add DS\n records at the zone apex via UPDATE.\n\n - The default value of 'max-stale-ttl' has been changed\n from 1 week to 12 hours.\n\n - Zone timers are now exported via statistics channel.\n\n - The 'primary' and 'secondary' keywords, when used as\n parameters for 'check-names', were not processed\n correctly and were being ignored.\n\n - 'rndc dnstap -roll <value>' did not limit the number of\n saved files to <value>.\n\n - Add 'rndc dnssec -status' command.\n\n - Addressed a couple of situations where named could\n crash.\n\n - Changed /var/lib/named to owner root:named and perms\n rwxrwxr-t so that named, being a/the only member of the\n 'named' group has full r/w access yet cannot change\n directories owned by root in the case of a compromized\n named. [bsc#1173307, bind-chrootenv.conf]\n\n - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in\n /etc/sysconfig/named to suppress warning message re\n missing file (bsc#1173983).\n\n - Removed '-r /dev/urandom' from all invocations of\n rndc-confgen (init/named system/lwresd.init\n system/named.init in vendor-files) as this option is\n deprecated and causes rndc-confgen to fail.\n (bsc#1173311, bsc#1176674, bsc#1170713)\n\n - /usr/bin/genDDNSkey: Removing the use of the -r option\n in the call of /usr/sbin/dnssec-keygen as BIND now uses\n the random number functions provided by the crypto\n library (i.e., OpenSSL or a PKCS#11 provider) as a\n source of randomness rather than /dev/random. Therefore\n the -r command line option no longer has any effect on\n dnssec-keygen. Leaving the option in genDDNSkey as to\n not break compatibility. Patch provided by Stefan\n Eisenwiener. [bsc#1171313]\n\n - Put libns into a separate subpackage to avoid file\n conflicts in the libisc subpackage due to different\n sonums (bsc#1176092).\n\n - Require /sbin/start_daemon: both init scripts, the one\n used in systemd context as well as legacy sysv, make use\n of start_daemon.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1161168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/325524\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns1605-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs1601-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc1606-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg1600-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libns1604-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuv1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sysuser-shadow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sysuser-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-chrootenv-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-debugsource-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-devel-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-utils-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-utils-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbind9-1600-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbind9-1600-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdns1605-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdns1605-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs-devel-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs1601-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs1601-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisc1606-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisc1606-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccc1600-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccc1600-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccfg1600-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccfg1600-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libns1604-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libns1604-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuv-debugsource-1.18.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuv-devel-1.18.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuv1-1.18.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libuv1-debuginfo-1.18.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-bind-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"sysuser-shadow-2.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"sysuser-tools-2.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"bind-devel-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libbind9-1600-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libbind9-1600-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdns1605-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdns1605-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libirs1601-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libirs1601-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisc1606-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisc1606-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccc1600-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccc1600-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccfg1600-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccfg1600-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libns1604-32bit-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libns1604-32bit-debuginfo-9.16.6-lp151.11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libuv1-32bit-1.18.0-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libuv1-32bit-debuginfo-1.18.0-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:13:27", "description": "Several vulnerabilities were discovered in BIND, a DNS server implementation.\n\n - CVE-2020-8619 It was discovered that an asterisk character in an empty non terminal can cause an assertion failure, resulting in denial of service.\n\n - CVE-2020-8622 Dave Feldman, Jeff Warren, and Joel Cunningham reported that a truncated TSIG response can lead to an assertion failure, resulting in denial of service.\n\n - CVE-2020-8623 Lyu Chiy reported that a flaw in the native PKCS#11 code can lead to a remotely triggerable assertion failure, resulting in denial of service.\n\n - CVE-2020-8624 Joop Boonen reported that update-policy rules of type 'subdomain' are enforced incorrectly, allowing updates to all parts of the zone along with the intended subdomain.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "Debian DSA-4752-1 : bind9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4752.NASL", "href": "https://www.tenable.com/plugins/nessus/139930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4752. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139930);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\"\n );\n script_xref(name:\"DSA\", value:\"4752\");\n script_xref(name:\"IAVA\", value:\"2020-A-0385-S\");\n\n script_name(english:\"Debian DSA-4752-1 : bind9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in BIND, a DNS server\nimplementation.\n\n - CVE-2020-8619\n It was discovered that an asterisk character in an empty\n non terminal can cause an assertion failure, resulting\n in denial of service.\n\n - CVE-2020-8622\n Dave Feldman, Jeff Warren, and Joel Cunningham reported\n that a truncated TSIG response can lead to an assertion\n failure, resulting in denial of service.\n\n - CVE-2020-8623\n Lyu Chiy reported that a flaw in the native PKCS#11 code\n can lead to a remotely triggerable assertion failure,\n resulting in denial of service.\n\n - CVE-2020-8624\n Joop Boonen reported that update-policy rules of type\n 'subdomain' are enforced incorrectly, allowing updates\n to all parts of the zone along with the intended\n subdomain.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/bind9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/bind9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2020/dsa-4752\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the bind9 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1:9.11.5.P4+dfsg-5.1+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"bind9\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"bind9-doc\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"bind9-host\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"bind9utils\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dnsutils\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbind-dev\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbind-export-dev\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbind9-161\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libdns-export1104\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libdns-export1104-udeb\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libdns1104\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libirs-export161\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libirs-export161-udeb\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libirs161\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisc-export1100\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisc-export1100-udeb\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisc1100\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisccc-export161\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisccc-export161-udeb\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisccc161\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisccfg-export163\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisccfg-export163-udeb\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libisccfg163\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblwres161\", reference:\"1:9.11.5.P4+dfsg-5.1+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:06:09", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple vulnerabilities:\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (*) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. (CVE-2020-8619)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : bind Multiple Vulnerabilities (NS-SA-2021-0064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0064_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/147396", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0064. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147396);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : bind Multiple Vulnerabilities (NS-SA-2021-0064)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple\nvulnerabilities:\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND\n Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service\n for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk\n (*) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone\n content could theoretically introduce such a record in order to exploit this condition to cause denial of\n service, though we consider the use of this vector unlikely because any such attack would require a\n significant privilege level and be easily traceable. (CVE-2020-8619)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating\n the server receiving the TSIG-signed request, could send a truncated response to that request, triggering\n an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to\n correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and\n message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from\n a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An\n attacker who has been granted privileges to change a specific subset of the zone's content could abuse\n these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0064\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'bind-9.11.20-5.el8',\n 'bind-chroot-9.11.20-5.el8',\n 'bind-debuginfo-9.11.20-5.el8',\n 'bind-debugsource-9.11.20-5.el8',\n 'bind-devel-9.11.20-5.el8',\n 'bind-export-devel-9.11.20-5.el8',\n 'bind-export-libs-9.11.20-5.el8',\n 'bind-export-libs-debuginfo-9.11.20-5.el8',\n 'bind-libs-9.11.20-5.el8',\n 'bind-libs-debuginfo-9.11.20-5.el8',\n 'bind-libs-lite-9.11.20-5.el8',\n 'bind-libs-lite-debuginfo-9.11.20-5.el8',\n 'bind-license-9.11.20-5.el8',\n 'bind-lite-devel-9.11.20-5.el8',\n 'bind-pkcs11-9.11.20-5.el8',\n 'bind-pkcs11-debuginfo-9.11.20-5.el8',\n 'bind-pkcs11-devel-9.11.20-5.el8',\n 'bind-pkcs11-libs-9.11.20-5.el8',\n 'bind-pkcs11-libs-debuginfo-9.11.20-5.el8',\n 'bind-pkcs11-utils-9.11.20-5.el8',\n 'bind-pkcs11-utils-debuginfo-9.11.20-5.el8',\n 'bind-sdb-9.11.20-5.el8',\n 'bind-sdb-chroot-9.11.20-5.el8',\n 'bind-sdb-debuginfo-9.11.20-5.el8',\n 'bind-utils-9.11.20-5.el8',\n 'bind-utils-debuginfo-9.11.20-5.el8',\n 'python3-bind-9.11.20-5.el8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind');\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-08-16T15:35:54", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4500 advisory.\n\n - bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c (CVE-2020-8619)\n\n - bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)\n\n - bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)\n\n - bind: incorrect enforcement of update-policy rules of type subdomain (CVE-2020-8624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : bind (RHSA-2020:4500)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-chroot:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-sdb:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-utils:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-libs-lite:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-license:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-lite-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-pkcs11:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-pkcs11-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-pkcs11-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-pkcs11-utils:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-sdb-chroot:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-export-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bind-export-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-bind:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.4:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-4500.NASL", "href": "https://www.tenable.com/plugins/nessus/142448", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4500. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142448);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4500\");\n script_xref(name:\"IAVA\", value:\"2020-A-0276-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0385-S\");\n\n script_name(english:\"RHEL 8 : bind (RHSA-2020:4500)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4500 advisory.\n\n - bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c\n (CVE-2020-8619)\n\n - bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)\n\n - bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)\n\n - bind: incorrect enforcement of update-policy rules of type subdomain (CVE-2020-8624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/617.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1847244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1869473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1869477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1869480\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400, 617);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-bind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'bind-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-chroot-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-chroot-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-chroot-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-license-9.11.20-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-utils-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-utils-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-pkcs11-utils-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-sdb-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-sdb-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-sdb-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-sdb-chroot-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-sdb-chroot-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-sdb-chroot-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-utils-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-utils-9.11.20-5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'bind-utils-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'python3-bind-9.11.20-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'32', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind / bind-chroot / bind-devel / bind-export-devel / bind-export-libs / etc');\n}\n", "cvss": {"score": 4, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-08-16T15:39:13", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4500 advisory.\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (*) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. (CVE-2020-8619)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : bind (ELSA-2020-4500)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-chroot:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-sdb:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-utils:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-libs-lite:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-license:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-lite-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-pkcs11:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-pkcs11-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-pkcs11-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-pkcs11-utils:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-sdb-chroot:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-export-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bind-export-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:python3-bind:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2020-4500.NASL", "href": "https://www.tenable.com/plugins/nessus/142804", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4500.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142804);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2020-8619\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\"\n );\n\n script_name(english:\"Oracle Linux 8 : bind (ELSA-2020-4500)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4500 advisory.\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating\n the server receiving the TSIG-signed request, could send a truncated response to that request, triggering\n an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to\n correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and\n message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND\n Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service\n for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk\n (*) character, this defect cannot be encountered. A would-be attacker who is allowed to change zone\n content could theoretically introduce such a record in order to exploit this condition to cause denial of\n service, though we consider the use of this vector unlikely because any such attack would require a\n significant privilege level and be easily traceable. (CVE-2020-8619)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from\n a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An\n attacker who has been granted privileges to change a specific subset of the zone's content could abuse\n these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4500.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'bind-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-chroot-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-chroot-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-export-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-export-libs-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-libs-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-libs-lite-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-license-9.11.20-5.el8', 'release':'8', 'epoch':'32'},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-lite-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-devel-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'i686', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-libs-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-utils-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-pkcs11-utils-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-sdb-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-sdb-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-sdb-chroot-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-sdb-chroot-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-utils-9.11.20-5.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'32'},\n {'reference':'bind-utils-9.11.20-5.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'32'},\n {'reference':'python3-bind-9.11.20-5.el8', 'release':'8', 'epoch':'32'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind / bind-chroot / bind-devel / etc');\n}", "cvss": {"score": 4, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "tomcat": [{"lastseen": "2021-12-30T15:23:01", "description": "**Important: HTTP/2 DoS** [CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>)\n\nA specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n\nThis was fixed with commit [c8acd2ab](<https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552>).\n\nThis issue was reported publicly via the Apache Tomcat Users mailing list on 21 May 2020 without reference to the potential for DoS. The DoS risks were identified by the Apache Tomcat Security Team the same day. The issue was made public on 25 June 2020.\n\nAffects: 8.5.0 to 8.5.55", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-07T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 8.5.56", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-06-07T00:00:00", "id": "TOMCAT:664B7FB043CE1DA3FFE3E5FB72DB8E6D", "href": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:01", "description": "**Important: HTTP/2 DoS** [CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>)\n\nA specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n\nThis was fixed with commit [9434a44d](<https://github.com/apache/tomcat/commit/9434a44d3449d620b1be70206819f8275b4a7509>).\n\nThis issue was reported publicly via the Apache Tomcat Users mailing list on 21 May 2020 without reference to the potential for DoS. The DoS risks were identified by the Apache Tomcat Security Team the same day. The issue was made public on 25 June 2020.\n\nAffects: 10.0.0-M1 to 10.0.0-M5", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-07T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 10.0.0-M6", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-06-07T00:00:00", "id": "TOMCAT:CCAD5F704056771CAFA7305B5EB8A87E", "href": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:01", "description": "**Important: HTTP/2 DoS** [CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>)\n\nA specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n\nThis was fixed with commit [9a023168](<https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976>).\n\nThis issue was reported publicly via the Apache Tomcat Users mailing list on 21 May 2020 without reference to the potential for DoS. The DoS risks were identified by the Apache Tomcat Security Team the same day. The issue was made public on 25 June 2020.\n\nAffects: 9.0.0.M1 to 9.0.35", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-07T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 9.0.36", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-06-07T00:00:00", "id": "TOMCAT:03526B264C3CCDD4C74F8B8FBF02E5E4", "href": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:28:06", "description": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat\n10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could\ntrigger high CPU usage for several seconds. If a sufficient number of such\nrequests were made on concurrent HTTP/2 connections, the server could\nbecome unresponsive.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | HTTP/2 support introduced in 8.5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-26T00:00:00", "type": "ubuntucve", "title": "CVE-2020-11996", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-06-26T00:00:00", "id": "UB:CVE-2020-11996", "href": "https://ubuntu.com/security/CVE-2020-11996", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:28:26", "description": "An attacker who is permitted to send zone data to a server via zone\ntransfer can exploit this to intentionally trigger the assertion failure\nwith a specially constructed zone, denying service to clients.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[amurray](<https://launchpad.net/~amurray>) | Affects version 9.16.0 through 9.16.3\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "ubuntucve", "title": "CVE-2020-8618", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618"], "modified": "2020-06-17T00:00:00", "id": "UB:CVE-2020-8618", "href": "https://ubuntu.com/security/CVE-2020-8618", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:28:25", "description": "In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND\n9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1:\nUnless a nameserver is providing authoritative service for one or more\nzones and at least one zone contains an empty non-terminal entry containing\nan asterisk (\"*\") character, this defect cannot be encountered. A would-be\nattacker who is allowed to change zone content could theoretically\nintroduce such a record in order to exploit this condition to cause denial\nof service, though we consider the use of this vector unlikely because any\nsuch attack would require a significant privilege level and be easily\ntraceable.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | upstream advisory says BIND 9.11.14 -&gt; 9.11.19, probably introduced in race condition fixes introduced in 9.11.4.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "ubuntucve", "title": "CVE-2020-8619", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8619"], "modified": "2020-06-17T00:00:00", "id": "UB:CVE-2020-8619", "href": "https://ubuntu.com/security/CVE-2020-8619", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "github": [{"lastseen": "2022-04-15T14:32:07", "description": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T23:01:22", "type": "github", "title": "Uncontrolled Resource Consumption in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2022-02-09T23:03:59", "id": "GHSA-53HP-JPWQ-2JGQ", "href": "https://github.com/advisories/GHSA-53hp-jpwq-2jgq", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:41:14", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for tomcat fixes the following issues:\n\n Tomcat was updated to 9.0.36 See changelog at\n\n - CVE-2020-11996: Fixed an issue which by sending a specially crafted\n sequence of HTTP/2 requests could have triggered high CPU usage for\n several seconds making potentially the server unresponsive (bsc#1173389).\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1063=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-26T00:00:00", "type": "suse", "title": "Security update for tomcat (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-26T00:00:00", "id": "OPENSUSE-SU-2020:1063-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BNVJYIB3HTCMCBROV6W6YIAOK6E5VDNW/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T20:27:36", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for tomcat fixes the following issues:\n\n Tomcat was updated to 9.0.36 See changelog at\n\n - CVE-2020-11996: Fixed an issue which by sending a specially crafted\n sequence of HTTP/2 requests could have triggered high CPU usage for\n several seconds making potentially the server unresponsive (bsc#1173389).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1051=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-23T00:00:00", "type": "suse", "title": "Security update for tomcat (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-23T00:00:00", "id": "OPENSUSE-SU-2020:1051-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3V7X3IWA53FRK7AHHX6TLLX6ZDE5CAEM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T12:40:59", "description": "An update that solves 12 vulnerabilities and has 8 fixes is\n now available.\n\nDescription:\n\n This update for bind fixes the following issues:\n\n BIND was upgraded to version 9.16.6:\n\n Note:\n\n - bind is now more strict in regards to DNSSEC. If queries are not\n working, check for DNSSEC issues. For instance, if bind is used in a\n namserver forwarder chain, the forwarding DNS servers must support\n DNSSEC.\n\n Fixing security issues:\n\n - CVE-2020-8616: Further limit the number of queries that can be triggered\n from a request. Root and TLD servers are no longer exempt from\n max-recursion-queries. Fetches for missing name server. (bsc#1171740)\n Address records are limited to 4 for any domain.\n - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could\n trigger an assertion failure. (bsc#1171740)\n - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass\n the tcp-clients limit (bsc#1157051).\n - CVE-2018-5741: Fixed the documentation (bsc#1109160).\n - CVE-2020-8618: It was possible to trigger an INSIST when determining\n whether a record would fit into a TCP message buffer (bsc#1172958).\n - CVE-2020-8619: It was possible to trigger an INSIST in\n lib/dns/rbtdb.c:new_reference() with a particular zone content and query\n patterns (bsc#1172958).\n - CVE-2020-8624: \"update-policy\" rules of type \"subdomain\" were\n incorrectly treated as \"zonesub\" rules, which allowed keys used in\n \"subdomain\" rules to update names outside\n of the specified subdomains. The problem was fixed by making sure\n \"subdomain\" rules are again processed as described in the ARM\n (bsc#1175443).\n - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it\n was possible to trigger an assertion failure in code determining the\n number of bits in the PKCS#11 RSA public key with a specially crafted\n packet (bsc#1175443).\n - CVE-2020-8621: named could crash in certain query resolution scenarios\n where QNAME minimization and forwarding were both enabled (bsc#1175443).\n - CVE-2020-8620: It was possible to trigger an assertion failure by\n sending a specially crafted large TCP DNS message (bsc#1175443).\n - CVE-2020-8622: It was possible to trigger an assertion failure when\n verifying the response to a TSIG-signed request (bsc#1175443).\n\n Other issues fixed:\n\n - Add engine support to OpenSSL EdDSA implementation.\n - Add engine support to OpenSSL ECDSA implementation.\n - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n - Warn about AXFR streams with inconsistent message IDs.\n - Make ISC rwlock implementation the default again.\n - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n - Installed the default files in /var/lib/named and created chroot\n environment on systems using transactional-updates (bsc#1100369,\n fate#325524)\n - Fixed an issue where bind was not working in FIPS mode (bsc#906079).\n - Fixed dependency issues (bsc#1118367 and bsc#1118368).\n - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n - Fixed an issue with FIPS (bsc#1128220).\n - The liblwres library is discontinued upstream and is no longer included.\n - Added service dependency on NTP to make sure the clock is accurate when\n bind is starts (bsc#1170667, bsc#1170713).\n - Reject DS records at the zone apex when loading master files. Log but\n otherwise ignore attempts to add DS records at the zone apex via UPDATE.\n - The default value of \"max-stale-ttl\" has been changed from 1 week to 12\n hours.\n - Zone timers are now exported via statistics channel.\n - The \"primary\" and \"secondary\" keywords, when used as parameters for\n \"check-names\", were not processed correctly and were being ignored.\n - 'rndc dnstap -roll <value>' did not limit the number of saved files to\n <value>.\n - Add 'rndc dnssec -status' command.\n - Addressed a couple of situations where named could crash.\n - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that\n named, being a/the only member of the \"named\" group has full r/w access\n yet cannot change directories owned by root in the case of a compromized\n named. [bsc#1173307, bind-chrootenv.conf]\n - Added \"/etc/bind.keys\" to NAMED_CONF_INCLUDE_FILES in\n /etc/sysconfig/named to suppress warning message re missing file\n (bsc#1173983).\n - Removed \"-r /dev/urandom\" from all invocations of rndc-confgen\n (init/named system/lwresd.init system/named.init in vendor-files) as\n this option is deprecated and causes rndc-confgen to fail. (bsc#1173311,\n bsc#1176674, bsc#1170713)\n - /usr/bin/genDDNSkey: Removing the use of the -r option in the call\n of /usr/sbin/dnssec-keygen as BIND now uses the random number functions\n provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as\n a source of randomness rather than /dev/random. Therefore the -r\n command line option no longer has any effect on dnssec-keygen. Leaving\n the option in genDDNSkey as to not break compatibility. Patch provided\n by Stefan Eisenwiener. [bsc#1171313]\n - Put libns into a separate subpackage to avoid file conflicts in the\n libisc subpackage due to different sonums (bsc#1176092).\n - Require /sbin/start_daemon: both init scripts, the one used in systemd\n context as well as legacy sysv, make use of start_daemon.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1701=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-10-20T00:00:00", "type": "suse", "title": "Security update for bind (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3136", "CVE-2018-5741", "CVE-2019-6477", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8620", "CVE-2020-8621", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2020-10-20T00:00:00", "id": "OPENSUSE-SU-2020:1701-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5DSIJXYG3NFNRGFIFTMKBYDE6QWREQSP/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-16T20:27:22", "description": "An update that solves 12 vulnerabilities and has 8 fixes is\n now available.\n\nDescription:\n\n This update for bind fixes the following issues:\n\n BIND was upgraded to version 9.16.6:\n\n Note:\n\n - bind is now more strict in regards to DNSSEC. If queries are not\n working, check for DNSSEC issues. For instance, if bind is used in a\n namserver forwarder chain, the forwarding DNS servers must support\n DNSSEC.\n\n Fixing security issues:\n\n - CVE-2020-8616: Further limit the number of queries that can be triggered\n from a request. Root and TLD servers are no longer exempt from\n max-recursion-queries. Fetches for missing name server. (bsc#1171740)\n Address records are limited to 4 for any domain.\n - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could\n trigger an assertion failure. (bsc#1171740)\n - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass\n the tcp-clients limit (bsc#1157051).\n - CVE-2018-5741: Fixed the documentation (bsc#1109160).\n - CVE-2020-8618: It was possible to trigger an INSIST when determining\n whether a record would fit into a TCP message buffer (bsc#1172958).\n - CVE-2020-8619: It was possible to trigger an INSIST in\n lib/dns/rbtdb.c:new_reference() with a particular zone content and query\n patterns (bsc#1172958).\n - CVE-2020-8624: \"update-policy\" rules of type \"subdomain\" were\n incorrectly treated as \"zonesub\" rules, which allowed keys used in\n \"subdomain\" rules to update names outside\n of the specified subdomains. The problem was fixed by making sure\n \"subdomain\" rules are again processed as described in the ARM\n (bsc#1175443).\n - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it\n was possible to trigger an assertion failure in code determining the\n number of bits in the PKCS#11 RSA public key with a specially crafted\n packet (bsc#1175443).\n - CVE-2020-8621: named could crash in certain query resolution scenarios\n where QNAME minimization and forwarding were both enabled (bsc#1175443).\n - CVE-2020-8620: It was possible to trigger an assertion failure by\n sending a specially crafted large TCP DNS message (bsc#1175443).\n - CVE-2020-8622: It was possible to trigger an assertion failure when\n verifying the response to a TSIG-signed request (bsc#1175443).\n\n Other issues fixed:\n\n - Add engine support to OpenSSL EdDSA implementation.\n - Add engine support to OpenSSL ECDSA implementation.\n - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.\n - Warn about AXFR streams with inconsistent message IDs.\n - Make ISC rwlock implementation the default again.\n - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)\n - Installed the default files in /var/lib/named and created chroot\n environment on systems using transactional-updates (bsc#1100369,\n fate#325524)\n - Fixed an issue where bind was not working in FIPS mode (bsc#906079).\n - Fixed dependency issues (bsc#1118367 and bsc#1118368).\n - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).\n - Fixed an issue with FIPS (bsc#1128220).\n - The liblwres library is discontinued upstream and is no longer included.\n - Added service dependency on NTP to make sure the clock is accurate when\n bind is starts (bsc#1170667, bsc#1170713).\n - Reject DS records at the zone apex when loading master files. Log but\n otherwise ignore attempts to add DS records at the zone apex via UPDATE.\n - The default value of \"max-stale-ttl\" has been changed from 1 week to 12\n hours.\n - Zone timers are now exported via statistics channel.\n - The \"primary\" and \"secondary\" keywords, when used as parameters for\n \"check-names\", were not processed correctly and were being ignored.\n - 'rndc dnstap -roll <value>' did not limit the number of saved files to\n <value>.\n - Add 'rndc dnssec -status' command.\n - Addressed a couple of situations where named could crash.\n - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that\n named, being a/the only member of the \"named\" group has full r/w access\n yet cannot change directories owned by root in the case of a compromized\n named. [bsc#1173307, bind-chrootenv.conf]\n - Added \"/etc/bind.keys\" to NAMED_CONF_INCLUDE_FILES in\n /etc/sysconfig/named to suppress warning message re missing file\n (bsc#1173983).\n - Removed \"-r /dev/urandom\" from all invocations of rndc-confgen\n (init/named system/lwresd.init system/named.init in vendor-files) as\n this option is deprecated and causes rndc-confgen to fail. (bsc#1173311,\n bsc#1176674, bsc#1170713)\n - /usr/bin/genDDNSkey: Removing the use of the -r option in the call\n of /usr/sbin/dnssec-keygen as BIND now uses the random number functions\n provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as\n a source of randomness rather than /dev/random. Therefore the -r\n command line option no longer has any effect on dnssec-keygen. Leaving\n the option in genDDNSkey as to not break compatibility. Patch provided\n by Stefan Eisenwiener. [bsc#1171313]\n - Put libns into a separate subpackage to avoid file conflicts in the\n libisc subpackage due to different sonums (bsc#1176092).\n - Require /sbin/start_daemon: both init scripts, the one used in systemd\n context as well as legacy sysv, make use of start_daemon.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1699=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-10-19T00:00:00", "type": "suse", "title": "Security update for bind (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3136", "CVE-2018-5741", "CVE-2019-6477", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8618", "CVE-2020-8619", "CVE-2020-8620", "CVE-2020-8621", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2020-10-19T00:00:00", "id": "OPENSUSE-SU-2020:1699-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VUOYW2V65CJWOTYJHZKJDB23QXG7SODU/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:26:25", "description": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-26T17:15:00", "type": "cve", "title": "CVE-2020-11996", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:apache:tomcat:9.0.0", "cpe:/o:opensuse:leap:15.1", "cpe:/a:apache:tomcat:10.0.0", "cpe:/a:apache:tomcat:8.5.55", "cpe:/a:oracle:siebel_ui_framework:20.12", "cpe:/a:oracle:workload_manager:18c", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:netapp:oncommand_system_manager:3.0", "cpe:/o:opensuse:leap:15.2", "cpe:/a:netapp:oncommand_system_manager:3.1.3", "cpe:/a:apache:tomcat:9.0.35", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.21", "cpe:/a:oracle:workload_manager:12.2.0.1", "cpe:/a:oracle:workload_manager:19c"], "id": "CVE-2020-11996", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11996", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_system_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:oracle:siebel_ui_framework:20.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_system_manager:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T19:00:55", "description": "An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T22:15:00", "type": "cve", "title": "CVE-2020-8618", "cwe": ["CWE-617"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618"], "modified": "2020-10-20T12:15:00", "cpe": ["cpe:/a:isc:bind:9.16.3"], "id": "CVE-2020-8618", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8618", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T19:00:56", "description": "In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T22:15:00", "type": "cve", "title": "CVE-2020-8619", "cwe": ["CWE-404"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8619"], "modified": "2020-10-20T12:15:00", "cpe": ["cpe:/a:isc:bind:9.16.3", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:isc:bind:9.11.19-s1", "cpe:/a:isc:bind:9.11.19", "cpe:/a:isc:bind:9.14.12"], "id": "CVE-2020-8619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8619", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:isc:bind:9.16.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.14.12:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.19:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.19-s1:*:*:*:preview:*:*:*"]}], "redhatcve": [{"lastseen": "2022-08-06T08:43:40", "description": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-26T13:50:58", "type": "redhatcve", "title": "CVE-2020-11996", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2022-08-06T08:00:29", "id": "RH:CVE-2020-11996", "href": "https://access.redhat.com/security/cve/cve-2020-11996", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-07T17:39:19", "description": "An assertion check flaw caused by a buffer boundary check condition was found in BIND. A remote attacker could trigger this flaw via a large response, during zone transfer. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-18T05:24:58", "type": "redhatcve", "title": "CVE-2020-8618", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618"], "modified": "2022-07-07T14:53:20", "id": "RH:CVE-2020-8618", "href": "https://access.redhat.com/security/cve/cve-2020-8618", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-07-07T17:39:16", "description": "A flaw was found in bind when an asterisk character is present in an empty non-terminal location within the DNS graph. This flaw could trigger an assertion failure, causing bind to crash. The highest threat from this vulnerability is to system availability.\n#### Mitigation\n\nAs per upstream advisory: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (&quot;*&quot;) character this defect cannot be encountered. \n\n\nA would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. \n\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-18T05:25:00", "type": "redhatcve", "title": "CVE-2020-8619", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8619"], "modified": "2022-07-07T14:53:22", "id": "RH:CVE-2020-8619", "href": "https://access.redhat.com/security/cve/cve-2020-8619", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:31:32", "description": "A denial of service vulnerability exists in Apache Tomcat. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP2 packet to a vulnerable server. Successful exploitation of this vulnerability could result in denial of service conditions.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-14T00:00:00", "type": "checkpoint_advisories", "title": "Apache Tomcat Denial of Service (CVE-2020-11996)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2021-11-14T00:00:00", "id": "CPAI-2020-3387", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:37:01", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-23T12:00:02", "type": "redhat", "title": "(RHSA-2020:5170) Moderate: Red Hat JBoss Web Server 5.4 security release", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-11-23T12:06:49", "id": "RHSA-2020:5170", "href": "https://access.redhat.com/errata/RHSA-2020:5170", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:40:34", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.4 serves as a replacement for Red Hat JBoss Web Server 5.3, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-23T12:01:21", "type": "redhat", "title": "(RHSA-2020:5173) Moderate: Red Hat JBoss Web Server 5.4 security release", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-11-23T12:02:25", "id": "RHSA-2020:5173", "href": "https://access.redhat.com/errata/RHSA-2020:5173", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:14", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.2.11 serves as a replacement for Red Hat support for Spring Boot 2.2.10, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n * hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n * tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-01-07T11:45:22", "type": "redhat", "title": "(RHSA-2020:5388) Important: Red Hat support for Spring Boot 2.2.11 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-25638"], "modified": "2021-01-07T11:46:05", "id": "RHSA-2020:5388", "href": "https://access.redhat.com/errata/RHSA-2020:5388", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-19T20:36:39", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.3.6 serves as a replacement for Red Hat support for Spring Boot 2.3.4, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS (CVE-2020-11996)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-02T10:21:06", "type": "redhat", "title": "(RHSA-2021:0292) Important: Red Hat support for Spring Boot 2.3.6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-25638"], "modified": "2021-02-02T10:21:46", "id": "RHSA-2021:0292", "href": "https://access.redhat.com/errata/RHSA-2021:0292", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-19T20:37:56", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nThe following packages have been upgraded to a later upstream version: bind (9.11.20). (BZ#1818785)\n\nSecurity Fix(es):\n\n* bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c (CVE-2020-8619)\n\n* bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)\n\n* bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)\n\n* bind: incorrect enforcement of update-policy rules of type \"subdomain\" (CVE-2020-8624)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-03T12:10:19", "type": "redhat", "title": "(RHSA-2020:4500) Moderate: bind security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2020-11-04T00:04:14", "id": "RHSA-2020:4500", "href": "https://access.redhat.com/errata/RHSA-2020:4500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-31T19:30:00", "description": "This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T18:18:10", "type": "redhat", "title": "(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18640", "CVE-2017-5645", "CVE-2019-12402", "CVE-2019-14887", "CVE-2019-16869", "CVE-2019-20445", "CVE-2020-10688", "CVE-2020-10693", "CVE-2020-10714", "CVE-2020-10719", "CVE-2020-11996", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13936", "CVE-2020-13954", "CVE-2020-13956", "CVE-2020-14040", "CVE-2020-14297", "CVE-2020-14338", "CVE-2020-14340", "CVE-2020-1695", "CVE-2020-17510", "CVE-2020-17518", "CVE-2020-1925", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-25633", "CVE-2020-25638", "CVE-2020-25640", "CVE-2020-25644", "CVE-2020-26258", "CVE-2020-26945", "CVE-2020-27216", "CVE-2020-28052", "CVE-2020-5410", "CVE-2020-5421", "CVE-2020-6950", "CVE-2020-9484", "CVE-2021-27568", "CVE-2021-27807", "CVE-2021-27906", "CVE-2021-28165"], "modified": "2021-11-11T09:25:09", "id": "RHSA-2021:3140", "href": "https://access.redhat.com/errata/RHSA-2021:3140", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:28", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n-between-minor.html#understanding-upgrade-channels_updating-cluster-between\n-minor.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-24T14:47:52", "type": "redhat", "title": "(RHSA-2020:5635) Moderate: OpenShift Container Platform 4.7.0 extras and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13225", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-17546", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-3884", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14040", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15157", "CVE-2020-15503", "CVE-2020-15999", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-24750", "CVE-2020-25211", "CVE-2020-25658", "CVE-2020-29652", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3898", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-8566", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-3121"], "modified": "2021-03-02T17:28:43", "id": "RHSA-2020:5635", "href": "https://access.redhat.com/errata/RHSA-2020:5635", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:37:49", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-10T08:47:39", "type": "redhat", "title": "(RHSA-2021:0799) Moderate: OpenShift Virtualization 2.6.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14559", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-12321", "CVE-2020-12400", "CVE-2020-12403", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-15999", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25705", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28362", "CVE-2020-29652", "CVE-2020-29661", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-9283", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-20206", "CVE-2021-3121", "CVE-2021-3156"], "modified": "2021-03-10T08:48:38", "id": "RHSA-2021:0799", "href": "https://access.redhat.com/errata/RHSA-2021:0799", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:19", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.\n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs (CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-24T14:49:26", "type": "redhat", "title": "(RHSA-2020:5633) Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14553", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-12614", "CVE-2019-13050", "CVE-2019-13225", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16167", "CVE-2019-16168", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-17546", "CVE-2019-18197", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19221", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20218", "CVE-2019-20386", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20636", "CVE-2019-20807", "CVE-2019-20812", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-3884", "CVE-2019-5018", "CVE-2019-6977", "CVE-2019-6978", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-10732", "CVE-2020-10749", "CVE-2020-10751", "CVE-2020-10763", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-11793", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13249", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14381", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15157", "CVE-2020-15503", "CVE-2020-15862", "CVE-2020-15999", "CVE-2020-16166", "CVE-2020-1716", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24490", "CVE-2020-24659", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25658", "CVE-2020-25661", "CVE-2020-25662", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25694", "CVE-2020-25696", "CVE-2020-2574", "CVE-2020-26160", "CVE-2020-2752", "CVE-2020-27813", "CVE-2020-27846", "CVE-2020-28362", "CVE-2020-2922", "CVE-2020-29652", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3898", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7774", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8563", "CVE-2020-8566", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-2007", "CVE-2021-26539", "CVE-2021-3121"], "modified": "2021-03-02T01:56:45", "id": "RHSA-2020:5633", "href": "https://access.redhat.com/errata/RHSA-2020:5633", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2021-09-01T13:00:42", "description": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. ([CVE-2020-11996](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-07T16:06:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2020-11996", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-07-07T16:06:00", "id": "F5:K19240391", "href": "https://support.f5.com/csp/article/K19240391", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-01T13:00:47", "description": "An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. ([CVE-2020-8618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T07:42:00", "type": "f5", "title": "BIND vulnerability CVE-2020-8618", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618"], "modified": "2020-06-18T07:42:00", "id": "F5:K62210928", "href": "https://support.f5.com/csp/article/K62210928", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "The asterisk character (&quot;*&quot;) is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node.\n\nA problem can occur when an asterisk is present in an empty non-terminal location within the DNS graph. If such a node exists, after a series of queries, named can reach an inconsistent state that results in the failure of an assertion check in rbtdb.c, followed by the program exiting due to the assertion failure. ([CVE-2020-8619](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619>))\n\nImpact\n\nYou encounter this defect when you have both of the following conditions:\n\n * A nameserver provides authoritative service for one or more zones.\n * At least one zone contains an empty non-terminal entry containing an asterisk character.\n\nA would-be attacker who is allowed to change zone content could, theoretically, introduce such a record in order to exploit this condition to cause denial-of-service (DoS); however, the use of this vector is unlikely because any such attack requires a significant privilege-level and is easily traceable.\n\nBIND versions from 9.11.14 through 9.11.19 are impacted.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.9, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T17:32:00", "type": "f5", "title": "BIND vulnerability CVE-2020-8619", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8619"], "modified": "2021-04-07T03:14:00", "id": "F5:K19807532", "href": "https://support.f5.com/csp/article/K19807532", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-27T10:22:06", "description": "tomcat-coyote is vulnerable to denial of service (DoS). The vulnerability is caused due to lack of proper handling of sequence of HTTP/2 requests, leading to a high CUP consumption and an application crash.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-26T07:34:58", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2021-03-12T13:51:29", "id": "VERACODE:25773", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25773/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-26T16:53:38", "description": "bind is vulnerable to denial of service (DoS). The vulnerability exists through sending zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T04:03:27", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8618"], "modified": "2020-10-20T07:13:52", "id": "VERACODE:26528", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26528/summary", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-07-26T16:53:36", "description": "BIND9 is vulnerable to denial of service. An attacker who is allowed to change zone content could introduce a malicious record in order to cause a denial of service condition.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T04:03:27", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8619"], "modified": "2020-11-09T12:13:03", "id": "VERACODE:26529", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26529/summary", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2022-08-04T13:04:54", "description": "## Summary\n\nApp Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nApp Connect Professional v 7.5.3.0\n\n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nApp Connect Professional| 7.5.3.0| LI81678| [7530 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.3.0&platform=All&function=fixId&fixids=7.5.3.0-WS-ACP-20200922-1217_H15_64-CUMUIFIX-016.builtDockerImage,7.5.3.0-WS-ACP-20200922-1217_H15_64-CUMUIFIX-016.docker,7.5.3.0-WS-ACP-20200922-1217_H15_64-CUMUIFIX-016.vcrypt2&includeSupersedes=0> \"7530 Fixcentral link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n06 Oct 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Product\":{\"code\":\"SS3LC4\",\"label\":\"App Connect Professional\"},\"Component\":\"-\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.5.3\",\"Edition\":\"-\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-07T13:41:00", "type": "ibm", "title": "Security Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996"], "modified": "2020-10-07T13:41:00", "id": "E958100936EDC2D0333655BFE34E1B7F8D81CEDA480AF07C1DBCD19C65ABC6AD", "href": "https://www.ibm.com/support/pages/node/6343967", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:06:00", "description": "## Summary\n\nThis interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13934](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after the upgrade to HTTP/2 in an h2c direct connection. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause OutOfMemoryException resulting in a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185239>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-9484](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484>) \n** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Platform Symphony| 7.1 Fix Pack 1 \n \n\n\n## Remediation/Fixes\n\n**Products**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM Platform Symphony| 7.1 Fix Pack 1| P103812| [sym-7.1-build555696](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build555696&includeSupersedes=0> \"sym-7.1-build555696\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSGSMK\",\"label\":\"Platform Symphony\"},\"Component\":\"PMC\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.1 Fix Pack 1\",\"Edition\":\"7.1 Fix Pack 1\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-17T09:36:06", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-9484"], "modified": "2020-08-17T09:36:06", "id": "F968064DF1D870E093FB1CBB6C9BC42A2AAB61D61095B3E288687BFC31A52BFD", "href": "https://www.ibm.com/support/pages/node/6260565", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-11T04:54:11", "description": "## Summary\n\nMultiple Apache Tomcat vulnerabilities affect IBM Control Center. See vulnerability details for descriptions.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-9484](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484>) \n** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13934](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after the upgrade to HTTP/2 in an h2c direct connection. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause OutOfMemoryException resulting in a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185239>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13943](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to see the responses for unexpected resources, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-17527](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-24122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network location using the NTFS file system. By sending a specially-crafted request, an attacker could exploit this vulnerability to view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Center| 6.2.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product** | \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.2.0.0\n\n| \n\niFix08\n\n| \n\n[Fix Central - 6.2.0.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n13 May 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS9GLA\",\"label\":\"IBM Control Center\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"}],\"Version\":\"6.2.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-14T21:27:15", "type": "ibm", "title": "Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13943", "CVE-2020-17527", "CVE-2020-9484", "CVE-2021-24122"], "modified": "2021-05-14T21:27:15", "id": "C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "href": "https://www.ibm.com/support/pages/node/6453463", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:59:51", "description": "## Summary\n\nCloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-25329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329>) \n** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with a configuration edge case. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197519](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197519>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12418](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a flaw when configured with the JMX Remote Lifecycle Listener. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to capture user names and passwords used to access the JMX interface and gain elevated privileges. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173626](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173626>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-12617](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132484](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132484>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14343](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343>) \n** DESCRIPTION: **YAML PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing untrusted YAML files through the full_load method or with the FullLoader loader. By persuading a victim to open a specially-crafted YAML file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197449](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197449>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3272](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3272>) \n** DESCRIPTION: **JasPer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the jp2_decode in jp2/jp2_dec.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7733>) \n** DESCRIPTION: **ua-parser-js is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188397>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493>) \n** DESCRIPTION: **Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28500](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in the toNumber, trim and trimEnd functions. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36048](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048>) \n** DESCRIPTION: **Socket.IO Engine.IO is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted HTTP POST request to the long polling transport, a remote attacker could exploit this vulnerability to cause a resource consumption, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7793](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7793>) \n** DESCRIPTION: **ua-parser-js is vulnerable to a denial of service, caused by regular expression denial of service (ReDoS) in multiple regexes. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192997>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8203](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23341](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341>) \n** DESCRIPTION: **prism is vulnerable to a denial of service. By using the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS). \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29060>) \n** DESCRIPTION: **Color-String is vulnerable to a denial of service, caused by an error when the application is provided and checks a crafted invalid HWB string. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204156](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204156>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-32723](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32723>) \n** DESCRIPTION: **Node.js prismjs module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when highlighting untrusted (user-given) text. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204479](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204479>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623>) \n** DESCRIPTION: **Node.js trim-newlines module is vulnerable to a denial of service, caused by a regular expression denial-of-service (ReDoS) flaw in the .end() method. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202758>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749>) \n** DESCRIPTION: **axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208438>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3801](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801>) \n** DESCRIPTION: **Prismjs prism is vulnerable to a denial of service, caused by the inefficient regular expression complexity. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3803>) \n** DESCRIPTION: **nth-check is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42340](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139475](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-1304](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1304>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of \"\" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139476](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-30640](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user names, an attacker could exploit this vulnerability to bypass some of the protection provided by the LockOut Realm. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205213>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-41079](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37699](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37699>) \n** DESCRIPTION: **Node.js next module could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-11784](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150860>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-15256](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15256>) \n** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the set method to the includeInheritedProps mode. By creating a new instance of object-path and setting the option includeInheritedProps: true, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190219](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190219>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-23337](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337>) \n** DESCRIPTION: **Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196797>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39178](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39178>) \n** DESCRIPTION: **Vercel Next.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Image Optimization API. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208466>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-16487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2019-10744](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167415](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167415>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2019-10746](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10746>) \n** DESCRIPTION: **Node.js mixin-deep module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167420>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-1765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to violate iframe sandboxing policy. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-1935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-15138](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138>) \n** DESCRIPTION: **Prism is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Previewers plugin. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186416>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-25658](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658>) \n** DESCRIPTION: **Python-RSA could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-25659](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659>) \n** DESCRIPTION: **python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192485](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192485>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-8872](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872>) \n** DESCRIPTION: **libxml2 is vulnerable to a buffer overflow, caused by a a buffer-over-read flaw in the htmlParseTryOrFinish function in HTMLparser.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause a denial of service condition or obtain sensitive information on the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-17563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to hijack a user's session. By using the FORM authentication function, an attacker could exploit this vulnerability to gain access to another user's session. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-23434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434>) \n** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw when the path components used in the path parameter are arrays. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-26237](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26237>) \n** DESCRIPTION: **Highlight.js is vulnerable to a denial of service, caused by a prototype pollution. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-16276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276>) \n** DESCRIPTION: **Golang could allow a remote attacker to bypass security restrictions, caused by improper validation of HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass filter or conduct HTTP request smuggling. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167963>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-8014](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014>) \n** DESCRIPTION: **Apache Tomcat could provide weaker than expected security, caused by insecure default settings for the CORS filter. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-25122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when responding to new h2c connection requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to see the request body information from one request to another, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197517>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-8037](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8037>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of NIO/NIO2 connectors closures. An attacker could exploit this vulnerability to reuse user sessions in a new connection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147212>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-1572](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572>) \n** DESCRIPTION: **e2fsprogs is vulnerable to a heap-based buffer overflow, caused by an incomplete fix related to improper bounds checking by the libext2fs library. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101199>) for the current score. \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-27292](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292>) \n** DESCRIPTION: **UAParser.js is vulnerable to a denial of service. By sending a specially crafted User-Agent header, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-32822](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32822>) \n** DESCRIPTION: **Node.js hbs module could allow a remote attacker to obtain sensitive information, caused by an issue when the template engine configuration options are passed through Express render API. By overwriting internal configuration options, an attacker could exploit this vulnerability to obtain file information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-39227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39227>) \n** DESCRIPTION: **Baidu EFE team ZRender could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the merge and clone helper methods in the src/core/util.ts. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-1938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file read/inclusion vulnerability in the AJP connector. By sending a specially-crafted request, an attacker could exploit this vulnerability to read web application files from a vulnerable server and upload malicious JavaServer Pages (JSP) code within a variety of file types and execute arbitrary code on the system. Note: This vulnerability is known as Ghostcat. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3805>) \n** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the del() function. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.9.1.0 \nCloud Pak for Security (CP4S)| 1.8.1.0 \nCloud Pak for Security (CP4S)| 1.8.0.0 \n \n\n\n## Remediation/Fixes\n\nPlease upgrade following instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.9?topic=installing-upgrading-cloud-pak-security-from-18>\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n01 Mar 2022: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTDPP\",\"label\":\"IBM Cloud Pak for Security\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.8.0.0, 1.8.1.0, 1.9.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T16:38:26", "type": "ibm", "title": "Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1572", "CVE-2017-12617", "CVE-2017-8872", "CVE-2018-11784", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-16487", "CVE-2018-8014", "CVE-2018-8037", "CVE-2019-10744", "CVE-2019-10746", "CVE-2019-12418", "CVE-2019-16276", "CVE-2019-17563", "CVE-2020-11996", "CVE-2020-14343", "CVE-2020-15138", "CVE-2020-15256", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-25658", "CVE-2020-25659", "CVE-2020-26237", "CVE-2020-28493", "CVE-2020-28500", "CVE-2020-36048", "CVE-2020-7733", "CVE-2020-7793", "CVE-2020-8203", "CVE-2021-1765", "CVE-2021-23337", "CVE-2021-23341", "CVE-2021-23434", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-27292", "CVE-2021-29060", "CVE-2021-30640", "CVE-2021-3272", "CVE-2021-32723", "CVE-2021-32822", "CVE-2021-33623", "CVE-2021-3749", "CVE-2021-37699", "CVE-2021-3801", "CVE-2021-3803", "CVE-2021-3805", "CVE-2021-39178", "CVE-2021-39227", "CVE-2021-41079", "CVE-2021-42340"], "modified": "2022-04-01T16:38:26", "id": "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "href": "https://www.ibm.com/support/pages/node/6568787", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:05:30", "description": "## Summary\n\nIBM Data Risk Manager has addressed the following vulnerabilities:\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13871](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13871>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183370>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-9484](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484>) \n** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-15025](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15025>) \n** DESCRIPTION: **NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending specially-crafted packets, a remote authenticated attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184004](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184004>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-4620](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4620>) \n** DESCRIPTION: **IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184979](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184979>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14892](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using commons-configuration 1 and 2 JNDI classes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14893](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using the xalan JNDI gadget. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-12626](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12626>) \n** DESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or an out of memory exception. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138361>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-4621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4621>) \n** DESCRIPTION: **IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14195](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in rg.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-16168](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by missing validation of a sqlite_stat1 sz field in whereLoopAddBtreeIndex in sqlite3.c. By providing specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166986](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166986>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-10673](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10673>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.caucho.config.types.ResourceRef (aka caucho-quercus). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178107](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178107>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11112](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11112>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178902](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178902>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11113](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10672](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10672>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178104](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178104>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10968](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10968>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178544](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178544>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10969](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11619](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179430](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179430>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11111](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11111>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11620](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.commons.jelly.impl.Embedded (aka commons-jelly). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-15095](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095>) \n** DESCRIPTION: **Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135123](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135123>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-17485](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485>) \n** DESCRIPTION: **Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default-typing feature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137340](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137340>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-7525](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/134639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1000873](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000873>) \n** DESCRIPTION: **FasterXML jackson-databind is vulnerable to a denial of service, caused by improper input validation by the nanoseconds time value field. By persuading a victim to deserialize specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154804](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154804>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the slf4j-ext class from polymorphic deserialization. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155139](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155139>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-5968](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By using two different gadgets that bypass a blocklist, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-7489](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139549](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139549>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-10172](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10172>) \n** DESCRIPTION: **Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172436>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-14540](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariConfig. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-16335](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariDataSource. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17267](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267>) \n** DESCRIPTION: **FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-5398](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398>) \n** DESCRIPTION: **Spring Framework could allow a remote attacker to obtain sensitive information, caused by a flaw when it sets a Content-Disposition header in the response. By using a reflected file download (RFD) attack, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174711](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174711>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-11023](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim&amp;#39;s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim&amp;#39;s cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim&amp;#39;s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim&amp;#39;s cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-4617](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4617>) \n** DESCRIPTION: **IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184930](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184930>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2019-19317](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19317>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an error in lookupName in resolve.c. By providing specially crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-1935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-17569](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17569>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-1938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file read/inclusion vulnerability in the AJP connector. By sending a specially-crafted request, an attacker could exploit this vulnerability to read web application files from a vulnerable server and upload malicious JavaServer Pages (JSP) code within a variety of file types and execute arbitrary code on the system. Note: This vulnerability is known as Ghostcat. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12384](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block the logback-core class from polymorphic deserialization. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162849](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162849>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by mwifiex_update_vs_ie() function of Marvell Wifi Driver. By sending a specially-crafted packet, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166017](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166017>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14895](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_process_country_ie function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c. By sending a specially-crafted beacon packet, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172101](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172101>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14898](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14898>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in between mmget_not_zero()/get_task_mm() and core dumping. By using a specially-crafted system call, a local authenticated attacker could exploit this vulnerability to cause the system to crash or obtain sensitive information. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175727](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175727>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2019-14901](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17133](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the cfg80211_mgd_wext_giwessid functions in net/wireless/wext-sme.c. By sending an overly long long SSID IE, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168370>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924>) \n** DESCRIPTION: **Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-2716](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716>) \n** DESCRIPTION: **Expat, as used in Mozilla Firefox and Thunderbird, is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103214>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2018-18751](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18751>) \n** DESCRIPTION: **GNU gettext is vulnerable to a denial of service, caused by a double free flaw in the default_add_message function in read-catalog.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152105](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152105>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a page-&amp;gt;_refcount overflow. A local attacker could exploit this vulnerability using FUSE with ~140GiB RAM usage to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160017](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160017>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17666](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the rtl_p2p_noa_ie function in drivers/net/wireless/realtek/rtlwifi/ps.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169487](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169487>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19338](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a Transaction Asynchronous Abort (TAA) h/w issue in KVM. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-17041](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17041>) \n** DESCRIPTION: **Rsyslog is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the contrib/pmaixforwardedfrom/pmaixforwardedfrom.c. By sending a specially-crafted message, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168504](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168504>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17042](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17042>) \n** DESCRIPTION: **Rsyslog is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the contrib/pmcisconames/pmcisconames.c. By sending a specially-crafted message, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168503](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168503>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634>) \n** DESCRIPTION: **Apple macOS Catalina is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the privileged sudo process. By sending an overly long string to the stdin of getln() in tgetpass.c., a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175358](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175358>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-1116](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1116>) \n** DESCRIPTION: **polkit is vulnerable to a denial of service, caused by a flaw in the implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/146202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2019-13734](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in SQLite. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-20852](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852>) \n** DESCRIPTION: **Python could allow a remote attacker to obtain sensitive information, caused by the failure to correctly validate the domain by http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py. By using a server with a hostname that has another valid hostname as a suffix, an attacker could exploit this vulnerability to obtain leaked existing cookies. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169515>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-16056](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056>) \n** DESCRIPTION: **Python could allow a remote attacker to bypass security restrictions, caused by an issue with email module incorrectly parsing email address containing multiple &amp;#64; characters. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass email filtering protection. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-11729](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729>) \n** DESCRIPTION: **Mozilla Firefox is vulnerable to a denial of service, caused by the improperly validation of empty or malformed p256-ECDH public keys before being copied into memory and used. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when encrypting with a block cipher. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to corrupt the heap and execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172458](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172458>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10531](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531>) \n** DESCRIPTION: **International Components for Unicode (ICU) for C/C&amp;#43;&amp;#43; is vulnerable to a heap-based buffer overflow, caused by an integer overflow in UnicodeString::doAppend() function in common/unistr.cpp. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-3820](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3820>) \n** DESCRIPTION: **Gnome gnome-shell lock screen could allow a physical attacker to bypass security restrictions, caused by the failure to properly restrict all contextual actions. By performing specially-crafted operations, an attacker could exploit this vulnerability to invoke certain keyboard shortcuts. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157399](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157399>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-10360](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360>) \n** DESCRIPTION: **File is vulnerable to a denial of service, caused by an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144797>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-5436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet() function. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-5745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor&amp;#39;s keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157386](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157386>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-6465](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465>) \n** DESCRIPTION: **ISC BIND could allow a remote attacker to obtain sensitive information, caused by the failure to properly apply controls for zone transfers to Dynamically Loadable Zones (DLZs) if the zones are writable. An attacker could exploit this vulnerability to request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157377](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157377>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-6477](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service. By sending TCP-pipelined queries, a remote attacker could exploit this vulnerability to bypass tcp-clients limit and cause the server to consume all available resources and become unresponsive. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-9289](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9289>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by a flaw when checking userspace params in drivers/media/dvb-frontends/cx24116.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166876>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-17807](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17807>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by omitting an access-control check when adding a key to the current task&amp;#39;s default request-key keyring in the KEYS subsystem. By using a sequence of specially-crafted system calls, an attacker could exploit this vulnerability to add keys to a keyring with only Search permission. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/136628](<https://exchange.xforce.ibmcloud.com/vulnerabilities/136628>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-7191](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7191>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the tun subsystem. By sending a specially-crafted ioctl(TUNSETIFF) cal, a local attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161401](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161401>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-19985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19985>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in the hso_get_config_data function in drivers/net/usb/hso.c. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160204](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160204>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20169>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by improper size validation by the __usb_get_extra_descriptor function in drivers/usb/core/usb.c in the USB subsystem. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154367>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-3901](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3901>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the perf_event_open function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from setuid programs. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159973](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159973>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-9503](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9503>) \n** DESCRIPTION: **The Broadcom brcmfmac driver could allow a remote attacker to bypass security restrictions. By receiving firmware event frames from a remote source, a remote attacker could exploit this vulnerability to bypass the frame validation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-10207](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the hci_uart_set_flow_control function. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164305>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-10638](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of IP ID values for connection-less protocols. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain the hash collisions then enumerate the hashing key. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163731](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163731>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-10639](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10639>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of a weak function to generate IP packet IDs. By sniffing the network, an attacker could exploit this vulnerability to obtain hash collisions information to derive the hashing key. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167414](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167414>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11190>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions, caused by a race condition when reading /proc/pid/stat. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass ASLR on setuid programs. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159469](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159469>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-11884](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11884>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. By using a HIDPCONNADD command, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161261](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161261>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-12382](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12382>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the drm_load_edid_firmware function in drivers/gpu/drm/drm_edid_load.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161695>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-13233](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13233>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when a race between modify_ldt() and #BR Exception occurs. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162780>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-13648](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c when hardware transactional memory is disabled. By using a sigreturn() system call with crafted signal frame, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164506](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164506>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-14283](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds read in the drivers/block/floppy.c. By using a specially-crafted floppy disk, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165352](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165352>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-15916](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15916>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in register_queue_kobjects() in net/core/net-sysfs.c. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-16746](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by missing check of the length of variable elements in a beacon head by the net/wireless/nl80211.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167566](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167566>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-18660](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660>) \n** DESCRIPTION: **Linux Kernel for PowerPC could allow a local authenticated attacker to obtain sensitive information, caused by the failure to activate the mitigation for Spectre-RSB on context switch. By using side channel attacks, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172297](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172297>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-11166](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11166>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory-leak issue in the ReadXWDImage function in coders\\xwd.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available memory from the system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-12805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12805>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an error in the function ReadTIFFImage. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163486>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-12806](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12806>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory exhaustion in the function format8BIM. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163485](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163485>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-18251](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18251>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the ReadPCDImage function in coders/pcd.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140899](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140899>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-18252](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18252>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an error in the MogrifyImageList function in MagickWand/mogrify.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause an assertion failure. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140897](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140897>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-18254](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18254>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the WriteGIFImage function in coders/gif.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-18271](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18271>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an infinite loop in the function ReadMIFFImage in coders/miff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to consume all available CPU resources. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143607](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143607>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-18273](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18273>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an infinite loop flaw in the function ReadTXTImage in coders/txt.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143605](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143605>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-1000476](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000476>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a CPU exhaustion flaw in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. By persuading a victim to open a specailly-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137214>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-8804](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8804>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a double free flaw in the WriteEPTImage function in coders/ept.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-9133](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9133>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141069](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141069>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-10177](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10177>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an error in the ReadOneMNGImage function of the coders/png.c file. By persuading a victim to open a specially-crafted mng file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141861>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-10804](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10804>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in in WriteTIFFImage in coders/tiff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143002](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143002>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-10805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10805>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in ReadYCBCRImage in coders/ycbcr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142999](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142999>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-11656](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11656>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the ReadDCMImage function in coders/dcm.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144266](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144266>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-12599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12599>) \n** DESCRIPTION: **ImageMagick is vulnerable to an out-of-bounds write, caused by improper bounds checking by the ReadBMPImage and WriteBMPImage in coders/bmp.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145200](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145200>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-12600](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12600>) \n** DESCRIPTION: **ImageMagick is vulnerable to an out-of-bounds write, caused by an error in the ReadDIBImage and WriteDIBImage functions in coders/dib.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145199>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-13153](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13153>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the XMagickCommand function in MagickCore/animate.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14434>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the WriteMPCImage function in coders/mpc.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14435](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14435>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the DecodeImage function in coders/pcd.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147149](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147149>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14436>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the ReadMIFFImage function in coders/miff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147150](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147150>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14437](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14437>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the parse8BIM function in coders/meta.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147151](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147151>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-15607](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15607>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU and memory resources. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-16328](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16328>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a NULL pointer dereference in the CheckEventLogging function in MagickCore/log.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-16749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16749>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a missing NULL check in the ReadOneJNGImage function in coders/png.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-16750](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16750>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a missing NULL check in ReadOneJNGImage function in coders/png.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149745](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149745>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18544>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in the WriteMSLImage function in coders/msl.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151770>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20467](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20467>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an error in coders/bmp.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-7175](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7175>) \n** DESCRIPTION: **ImageMagick could allow a remote attacker to obtain sensitive information, caused by memory leaks in DecodeImage in coders/pcd.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-7397](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7397>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by memory leaks in WritePDFImage in coders/pdf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-7398](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7398>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a memory leak in WriteDIBImage in coders/dib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156771](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156771>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9956>) \n** DESCRIPTION: **ImageMagick is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the PopHexPixel function in coders/ps.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code, or cause a denial of service condtion on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10131](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10131>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by an off-by-one read flaw in the formatIPTCfromBuffer function in coders/meta.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160672](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160672>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-10650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10650>) \n** DESCRIPTION: **ImageMagick is vulnerable to a denial of service, caused by a heap-based buffer over-read in the WriteTIFFImage function in coders/tiff.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160121](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160121>) for the current score.